Alibaba Cloud + Steampipe
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
Alibaba Cloud provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.
For example:
select name, display_name, mfa_enabledfrom alicloud_ram_user;+---------+----------------+-------------+| name | display_name | mfa_enabled |+---------+----------------+-------------+| pam | pam_beesly | false || creed | creed_bratton | true || stanley | stanley_hudson | false || michael | michael_scott | false || dwight | dwight_schrute | true |+---------+----------------+-------------+Documentation
Get started
Install
Download and install the latest Alibaba Cloud plugin:
steampipe plugin install alicloudCredentials
| Item | Description |
|---|---|
| Credentials | Create API keys and add to ~/.steampipe/config/alicloud.spc |
| Permissions | Minimally grant the user AliyunOSSReadOnlyAccess |
| Radius | Each connection represents a single Alibaba Cloud account. |
| Resolution | 1. Credentials specified in connection argument file. 2. Credentials specified in environment variables. |
| Region Resolution | If regions is not specified, Steampipe will use the single default region. |
Configuration
Installing the latest alicloud plugin will create a config file (~/.steampipe/config/alicloud.spc) with a single connection named alicloud:
connection "alicloud" { plugin = "alicloud" secret_key = "gMCYsoGqjfThisISNotARealKeyVVhh" access_key = "ASIA42DZSWFYSN2PFHPJ" regions = ["us-east-1" , "ap-south-1"]}Get involved
- Open source: https://github.com/turbot/steampipe-plugin-alicloud
- Community: Discussion forums
Advanced configuration options
For users with multiple accounts and more complex authentication use cases, here are some examples of advanced configuration options:
Specify multiple accounts
A common configuration is to have multiple connections to different accounts:
connection "ali_account_aaa" { plugin = "alicloud" secret_key = "gMCYsoGqjfThisISNotARealKeyVVhh" access_key = "ASIA42DZSWFYSN2PFHPJ" regions = ["us-east-1" , "ap-south-1"]}
connection "ali_account_bbb" { plugin = "alicloud" secret_key = "gMCYsoGqjfThisAintARealKeyVVhh" access_key = "ASIA42DZSWFYS42PFJHP" regions = ["cn-east-1"]}Specify static credentials using environment variables
Steampipe supports three different naming conventions for Alicloud authentication environment variables, checking for existence in the following order:
- aliyun CLI format
export ALIBABACLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP export ALIBABACLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhhexport ALIBABACLOUD_REGION_ID=cn-east-1- Terraform format
export ALICLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP export ALICLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhhexport ALICLOUD_REGION_ID=cn-east-1- Steampipe format
export ALICLOUD_ACCESS_KEY=ASIA42DZSWFYS42PFJHP export ALICLOUD_SECRET_KEY=gMCYsoGqjfThisAintARealKeyVVhhexport ALICLOUD_REGION=cn-east-1If regions is not specified, Steampipe will use the single default region.