turbot/guardrails
steampipe plugin install guardrails

Table: guardrails_control_type - Query Guardrails Control Types using SQL

Guardrails is a policy as code service that allows you to define and enforce policies across your cloud infrastructure. It provides a centralized way to set up and manage controls for various cloud resources, including virtual machines, databases, web applications, and more. Guardrails helps you stay informed about the compliance status of your cloud resources and take appropriate actions when predefined conditions are met.

Table Usage Guide

The guardrails_control_type table provides insights into control types within Guardrails. As a Security or Compliance officer, explore control type-specific details through this table, including control type, severity, and category. Utilize it to uncover information about control types, such as their classification and criticality, facilitating better risk management and compliance assurance.

Examples

List all control types

List every control type with its id, URI, and full-path title, sorted by title. This gives you an overview of how the control types in your Guardrails workspace are structured and organized.

select
  id,
  uri,
  trunk_title
from
  guardrails_control_type
order by
  trunk_title;

List all control types for AWS S3

Identify all control types related to AWS S3 to gain insights into the various security and configuration measures available. This could be useful for assessing the elements within your S3 setup and optimizing for best practices.

select
  id,
  uri,
  trunk_title
from
  guardrails_control_type
where
  mod_uri like 'tmod:@turbot/aws-s3%'
order by
  trunk_title;

Count control types by cloud provider

Explore the distribution of control types across various cloud providers to understand their usage patterns and make informed decisions about resource allocation and risk management. This can help in identifying the most utilized cloud provider and strategizing resource management accordingly.

select
  sum(
    case
      when mod_uri like 'tmod:@turbot/aws-%' then 1
      else 0
    end
  ) as aws,
  sum(
    case
      when mod_uri like 'tmod:@turbot/azure-%' then 1
      else 0
    end
  ) as azure,
  sum(
    case
      when mod_uri like 'tmod:@turbot/gcp-%' then 1
      else 0
    end
  ) as gcp,
  count(*) as total
from
  guardrails_control_type;

Control types that target AWS > S3 > Bucket

Explore the control types that specifically target AWS S3 Buckets to better manage and secure your cloud resources. This is particularly useful for ensuring that your AWS S3 Buckets adhere to best practices and regulatory compliance.

select
  trunk_title,
  uri,
  targets
from
  guardrails_control_type
where
  targets ? 'tmod:@turbot/aws-s3#/resource/types/bucket';

SQLite: this query is not available, because SQLite does not support the '?' operator for JSON objects.
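
One way to express the same membership test in SQLite is json_each, shown here as an added example that is not part of the plugin documentation. It assumes targets holds a JSON array of URI strings stored as JSON text; the in-memory table and its rows are constructed sample data, and control_types_targeting is a hypothetical helper name.

```python
import json
import sqlite3

BUCKET = "tmod:@turbot/aws-s3#/resource/types/bucket"

# Constructed sample rows (not real Guardrails data): trunk_title, uri, targets.
ROWS = [
    ("Example > Bucket control", "example:control/a", [BUCKET]),
    ("Example > Multi-target control", "example:control/b",
     ["example:resource/other", BUCKET]),
    # A longer URI that merely starts with the bucket URI; it must not match.
    ("Example > Lookalike control", "example:control/c", [BUCKET + "Example"]),
    # A control type with no targets at all (NULL column).
    ("Example > No targets", "example:control/d", None),
]

# Exact array membership: the SQLite counterpart of the Postgres jsonb
# existence operator. The "?" below is only the sqlite3 bind placeholder.
QUERY = """
select trunk_title, uri, targets
from guardrails_control_type
where exists (
  select 1
  from json_each(guardrails_control_type.targets) as t
  where t.value = ?
)
order by trunk_title
"""


def control_types_targeting(resource_type_uri):
    """Return trunk titles of control types whose targets array contains the URI."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table guardrails_control_type "
        "(trunk_title text, uri text, targets text)"
    )
    conn.executemany(
        "insert into guardrails_control_type values (?, ?, ?)",
        [(t, u, json.dumps(x) if x is not None else None) for t, u, x in ROWS],
    )
    titles = [row[0] for row in conn.execute(QUERY, (resource_type_uri,))]
    conn.close()
    return titles


if __name__ == "__main__":
    print(control_types_targeting(BUCKET))
```

Comparing each array element with = keeps the match exact, which a like pattern over the raw JSON text would not.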

Schema for guardrails_control_type

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
akas | jsonb | | AKA (also known as) identifiers for the control type.
category_id | bigint | | ID of the control category for the control type.
category_uri | text | = | URI of the control category for the control type.
create_timestamp | timestamp with time zone | | When the control type was first discovered by Turbot. (It may have been created earlier.)
description | text | | Description of the control type.
icon | text | | Icon of the control type.
id | bigint | = | Unique identifier of the control type.
mod_uri | text | | URI of the mod that contains the control type.
parent_id | text | | ID for the parent of this control type.
path | jsonb | | Hierarchy path with all identifiers of ancestors of the control type.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
targets | jsonb | | URIs of the resource types targeted by this control type.
title | text | | Title of the control type.
trunk_title | text | | Title with full path of the control type.
update_timestamp | timestamp with time zone | | When the control type was last updated in Turbot.
uri | text | = | URI of the control type.
version_id | bigint | | Unique identifier for this version of the control type.
workspace | text | | Specifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_control_type