steampipe plugin install alicloudsteampipe plugin install alicloud

Alibaba Cloud + Steampipe

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Alibaba Cloud provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.

For example:

select
  name,
  display_name,
  mfa_enabled
from
  alicloud_ram_user;

+---------+----------------+-------------+
| name    | display_name   | mfa_enabled |
+---------+----------------+-------------+
| pam     | pam_beesly     | false       |
| creed   | creed_bratton  | true        |
| stanley | stanley_hudson | false       |
| michael | michael_scott  | false       |
| dwight  | dwight_schrute | true        |
+---------+----------------+-------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest Alibaba Cloud plugin:

steampipe plugin install alicloud

Credentials

Item	Description
Credentials	Create API keys and add to `~/.steampipe/config/alicloud.spc`
Permissions	Minimally grant the user `AliyunOSSReadOnlyAccess`
Radius	Each connection represents a single Alibaba Cloud account.
Resolution	1. Credentials specified in connection argument file. 2. Credentials specified in environment variables.
Region Resolution	If `regions` is not specified, Steampipe will use the single default region.

Configuration

Installing the latest alicloud plugin will create a config file (~/.steampipe/config/alicloud.spc) with a single connection named alicloud:

connection "alicloud" {
  plugin      = "alicloud"
  secret_key  = "gMCYsoGqjfThisISNotARealKeyVVhh"
  access_key  = "ASIA42DZSWFYSN2PFHPJ"
  regions     = ["us-east-1" , "ap-south-1"]
}

Get involved

Open source: https://github.com/turbot/steampipe-plugin-alicloud
Community: Slack Channel

Advanced configuration options

For users with multiple accounts and more complex authentication use cases, here are some examples of advanced configuration options:

Specify multiple accounts

A common configuration is to have multiple connections to different accounts:

connection "ali_account_aaa" {
  plugin      = "alicloud"
  secret_key  = "gMCYsoGqjfThisISNotARealKeyVVhh"
  access_key  = "ASIA42DZSWFYSN2PFHPJ"
  regions     = ["us-east-1" , "ap-south-1"]
}

connection "ali_account_bbb" {
  plugin      = "alicloud"
  secret_key  = "gMCYsoGqjfThisAintARealKeyVVhh"
  access_key  = "ASIA42DZSWFYS42PFJHP"
  regions     = ["cn-east-1"]
}

Specify static credentials using environment variables

Steampipe supports three different naming conventions for Alicloud authentication environment variables, checking for existence in the following order:

aliyun CLI format

export ALIBABACLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP  
export ALIBABACLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhh
export ALIBABACLOUD_REGION_ID=cn-east-1

Terraform format

export ALICLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP  
export ALICLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhh
export ALICLOUD_REGION_ID=cn-east-1

Steampipe format

export ALICLOUD_ACCESS_KEY=ASIA42DZSWFYS42PFJHP  
export ALICLOUD_SECRET_KEY=gMCYsoGqjfThisAintARealKeyVVhh
export ALICLOUD_REGION=cn-east-1

If regions is not specified, Steampipe will use the single default region.

turbot/alicloud