The open-source cloud asset inventory powered by SQL.
CloudQuery extracts, transforms, and loads your cloud assets into normalized PostgreSQL tables. CloudQuery enables you to assess, audit, and monitor the configurations of your cloud assets.
CloudQuery key use-cases and features:
- Search: Use standard SQL to find any asset based on any configuration or relation to other assets.
- Visualize: Connect CloudQuery standard PostgreSQL database to your favorite BI/Visualization tool such as Grafana, QuickSight, etc...
- Policy-as-Code: Codify your security & compliance rules with SQL as the query engine.
- Homepage: https://cloudquery.io
- Releases: https://github.com/cloudquery/cloudquery/releases
- Documentation: https://docs.cloudquery.io
- Hub (Provider and schema docs): https://hub.cloudquery.io/
Checkout https://hub.cloudquery.io
If you want us to add a new provider or resource please open an Issue.
See docs for developing new provider.
You can download the precompiled binary from releases, or using CLI:
export OS=Darwin # Possible values: Linux,Windows,Darwin
curl -L https://github.com/cloudquery/cloudquery/releases/latest/download/cloudquery_${OS}_x86_64 -o cloudquery
chmod a+x cloudquery
./cloudquery --help
# if you want to download a specific version and not latest use the following endpoint
export VERSION= # specifiy a version
curl -L https://github.com/cloudquery/cloudquery/releases/download/${VERSION}/cloudquery_${OS}_x86_64 -o cloudqueryHomebrew
brew install cloudquery/tap/cloudquery
# After initial install you can upgrade the version via:
brew upgrade cloudqueryFirst generate a config.hcl file that will describe which resources you want cloudquery to pull, normalize
and transform resources to the specified SQL database by running the following command:
cloudquery init aws # choose one or more from: [aws azure gcp okta]
# cloudquery init gcp azure # This will generate a config containing gcp and azure providers
# cloudquery init --help # Show all possible auto generated configs and flagsOnce your config.hcl is generated run the following command to fetch the resources:
# you can spawn a local postgresql with docker
# docker run -p 5432:5432 -e POSTGRES_PASSWORD=pass -d postgres
cloudquery fetch --dsn "postgres://postgres:pass@localhost:5432/postgres?sslmode=disable"
# cloudquery fetch --help # Show all possible fetch flagsUsing psql -h localhost -p 5432 -U postgres -d postgres
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+-------------------------------------------------------------+-------+----------
public | aws_autoscaling_launch_configuration_block_device_mapping | table | postgres
public | aws_autoscaling_launch_configurations | table | postgresRun the following example queries from psql shell
List ec2_images
SELECT * FROM aws_ec2_images;Find all public facing AWS load balancers
SELECT * FROM aws_elbv2_load_balancers WHERE scheme = 'internet-facing';CloudQuery comes with out-of-the-box policies which you can use as is or modify to fit your use-case.
For example, to run AWS CIS policies enter the following commands (make sure you fetched all the resources beforehand by the fetch command):
./cloudquery policy run aws-cis-1.2.0Full Documentation, resources and SQL schema definitions are available here.
See additional documentation for each provider at https://hub.cloudquery.io.
go build .
./cloudquery # --help to see all options
Checkout cloudquery/terraform-aws-cloudquery
By contributing to cloudquery you agree that your contributions will be licensed as defined on the LICENSE file.
If you are into Go, Backend, Cloud, GCP, AWS - ping us at jobs [at] our domain
Feel free to open Pull-Request for small fixes and changes. For bigger changes and new providers please open an issue first to prevent double work and discuss relevant stuff.