turbot/alicloud

steampipe plugin install alicloudsteampipe plugin install alicloud

Alibaba Cloud + Steampipe

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Alibaba Cloud provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.

For example:

select
name,
display_name,
mfa_enabled
from
alicloud_ram_user;
+---------+----------------+-------------+
| name | display_name | mfa_enabled |
+---------+----------------+-------------+
| pam | pam_beesly | false |
| creed | creed_bratton | true |
| stanley | stanley_hudson | false |
| michael | michael_scott | false |
| dwight | dwight_schrute | true |
+---------+----------------+-------------+

Documentation

Get started

Install

Download and install the latest Alibaba Cloud plugin:

steampipe plugin install alicloud

Credentials

ItemDescription
CredentialsCreate API keys and add to ~/.steampipe/config/alicloud.spc
PermissionsMinimally grant the user AliyunOSSReadOnlyAccess
RadiusEach connection represents a single Alibaba Cloud account.
Resolution1. Credentials specified in connection argument file.
2. Credentials specified in environment variables.
Region ResolutionIf regions is not specified, Steampipe will use the single default region.

Configuration

Installing the latest alicloud plugin will create a config file (~/.steampipe/config/alicloud.spc) with a single connection named alicloud:

connection "alicloud" {
plugin = "alicloud"
secret_key = "gMCYsoGqjfThisISNotARealKeyVVhh"
access_key = "ASIA42DZSWFYSN2PFHPJ"
regions = ["us-east-1" , "ap-south-1"]
}

Get involved

Advanced configuration options

For users with multiple accounts and more complex authentication use cases, here are some examples of advanced configuration options:

Specify multiple accounts

A common configuration is to have multiple connections to different accounts:

connection "ali_account_aaa" {
plugin = "alicloud"
secret_key = "gMCYsoGqjfThisISNotARealKeyVVhh"
access_key = "ASIA42DZSWFYSN2PFHPJ"
regions = ["us-east-1" , "ap-south-1"]
}
connection "ali_account_bbb" {
plugin = "alicloud"
secret_key = "gMCYsoGqjfThisAintARealKeyVVhh"
access_key = "ASIA42DZSWFYS42PFJHP"
regions = ["cn-east-1"]
}

Specify static credentials using environment variables

Steampipe supports three different naming conventions for Alicloud authentication environment variables, checking for existence in the following order:

  1. aliyun CLI format
export ALIBABACLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP
export ALIBABACLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhh
export ALIBABACLOUD_REGION_ID=cn-east-1
  1. Terraform format
export ALICLOUD_ACCESS_KEY_ID=ASIA42DZSWFYS42PFJHP
export ALICLOUD_ACCESS_KEY_SECRET=gMCYsoGqjfThisAintARealKeyVVhh
export ALICLOUD_REGION_ID=cn-east-1
  1. Steampipe format
export ALICLOUD_ACCESS_KEY=ASIA42DZSWFYS42PFJHP
export ALICLOUD_SECRET_KEY=gMCYsoGqjfThisAintARealKeyVVhh
export ALICLOUD_REGION=cn-east-1

If regions is not specified, Steampipe will use the single default region.