brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3d6f38a9794d56e363d8b50e91a05daf0814135
oam/knowledge base/turbot pipes/steampipe.md
Michele Cereda d3d6f38a97 chore(turbot-pipes): continue learning
2024-05-24 13:13:22 +02:00

5.8 KiB
Raw Blame History

Turbot Steampipe

Dynamically query APIs, code and more with SQL.

  1. TL;DR
  2. Export CLIs
  3. Further readings
    1. Sources

TL;DR

Default files directory (called installation directory by Steampipe) is $HOME/.steampipe.

Installation and configuration 
brew install 'turbot/tap/steampipe'

steampipe completion 'fish' | source
steampipe completion 'fish' > "$HOME/.config/fish/completions/steampipe.fish"

# Disable telemetry.
export STEAMPIPE_TELEMETRY='none'

# Most used configuration settings.
# Most can be set through switch.
# These are set to their defaults.
export \
  STEAMPIPE_INSTALL_DIR="${HOME}/.steampipe" \
  STEAMPIPE_LOG_LEVEL="WARN" \
  STEAMPIPE_MAX_PARALLEL=10 \
  STEAMPIPE_MOD_LOCATION="$PWD" \
  STEAMPIPE_UPDATE_CHECK=true
Usage 
# Install plugins.
steampipe plugin install 'steampipe' 'aws@^0.130' 'theapsgroup/gitlab@v0.6.0'

# List installed plugins.
steampipe plugin list

# Update plugins.
steampipe plugin update --all
steampipe plugin update 'steampipe' 'aws'

# Uninstall plugins.
steampipe plugin uninstall 'steampipe' 'theapsgroup/gitlab@0.6.0' 'hub.steampipe.io/plugins/turbot/aws@^0'

# Start the service.
steampipe service start
steampipe service start --database-port '9194'
steampipe service start --database-listen 'local' --database-password 'MyCustomPassword'

# Get the service's status.
steampipe service status
steampipe service status --all

# View the database's password.
steampipe service status --show-password

# Restart the service.
steampipe service restart

# Stop the service.
steampipe service stop
steampipe service stop --force

# List available queries.
# Requires the 'mod' folder to exist.
steampipe query list

# Start the interactive query console.
steampipe query

# Execute batch queries.
steampipe query 'query'
steampipe query 'query' --output 'json'
steampipe query 'query' --output 'csv' --separator '|'

# Execution of benchmarks and controls has been deprecated in favour of Powerpipe.
#steampipe check 'benchmark.cis_v130'
#steampipe check 'control.cis_v130_1_4' 'control.cis_v130_2_1_1'
#steampipe check 'all'
#steampipe check … --tag 'cis_level=1' --tag 'cis=true' --search-path-prefix 'aws_connection_2'
#steampipe check … --where "severity in ('critical', 'high')" --dry-run
#steampipe check … --theme 'light' --output 'brief' --export 'output.csv' --export 'output.json' --export 'md'
#steampipe check … --theme 'plain' --progress false
Real world use cases 
-- Find all the roles that have AWS-managed policies attached
select
  r.name,
  policy_arn,
  p.is_aws_managed
from
  aws_iam_role as r,
  jsonb_array_elements_text(attached_policy_arns) as policy_arn,
  aws_iam_policy as p
where
  p.arn = policy_arn
  and p.is_aws_managed;

Dashboards and Mods have been deprecated in favour of Powerpipe. Use it instead.

Export CLIs

Every Steampipe plugin is distributed as a distinct Steampipe Export CLI.
It is available for download in the Releases page for the corresponding plugin's repository.

Download, extract, and install the file.
An install script is available for ease of use:

$ /bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)"
Enter the plugin name: aws
Enter the version (latest):
Enter location (/usr/local/bin):
Created temporary directory at /var/folders/t4/1lm46wt12sv7yq1gp1swn3jr0000gn/T/tmp.RpZLlzs2.

Downloading steampipe_export_aws.darwin_arm64.tar.gz...
######################################################################### 100.0%
Deflating downloaded archive
x steampipe_export_aws
Installing
Applying necessary permissions
Removing downloaded archive
steampipe_export_aws was installed successfully to /usr/local/bin

The output can be in CSV (default), JSON or JSONL.

$ steampipe_export_aws 'aws_account' --output 'json'
2024/05/24 12:03:53 [INFO] Memoize getBaseClientForAccountUncached
…
2024/05/24 12:03:53 [INFO] Memoize 0x109fed0c0 listRegionsForServiceUncached
[{
    "_ctx": "{\"connection_name\":\"aws\",\"steampipe\":{\"sdk_version\":\"5.10.0\"}}",
    "account_aliases": "[\"exampleOrg\"]",
    "account_id": "012345678901",
    "akas": "[\"arn:aws:::012345678901\"]",
    "arn": "arn:aws:::012345678901",
    "organization_arn": "arn:aws:organizations::012345678901:organization/o-p42ybyw9ml",
    "organization_available_policy_types": "[{\"Status\":\"ENABLED\",\"Type\":\"SERVICE_CONTROL_POLICY\"}]",
    "organization_feature_set": "ALL",
    "organization_id": "o-p42ybyw9ml",
    "organization_master_account_arn": "arn:aws:organizations::012345678901:account/o-p42ybyw9ml/012345678901",
    "organization_master_account_email": "user@example.org",
    "organization_master_account_id": "012345678901",
    "partition": "aws",
    "region": "global",
    "sp_connection_name": "aws",
    "sp_ctx": "{\"connection_name\":\"aws\",\"steampipe\":{\"sdk_version\":\"5.10.0\"}}",
    "title": "exampleOrg"
}]

Further readings

Sources