Table: guardrails_policy_type - Query Guardrails Policy Types using SQL
Guardrails is a service that provides policy management and enforcement capabilities. It allows you to define and manage policies for various resources, ensuring compliance with your organization's security and governance requirements. Policy Types in Guardrails are the different categories of policies that can be created and managed.
Table Usage Guide
The guardrails_policy_type table provides insights into Policy Types within Guardrails. As a Security Engineer, explore policy type-specific details through this table, including their names, descriptions, and associated metadata. Utilize it to uncover information about different policy types, such as those related to resource management, access control, and security compliance.
Examples
List all policy types
Explore the various policy types available in your system in an organized manner to better understand your security infrastructure and manage your policies effectively. This query is useful for identifying and managing the range of policy types in your system.
select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
order by
  trunk_title;
List all policy types with additional detail
Explore policy settings by gaining insights into additional details such as descriptions and related links. This allows for a better understanding of each policy type and its specific configurations.
Postgres:

select
  trunk_title as "policy_name",
  description,
  schema ->> 'enum' as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;

SQLite:

select
  trunk_title as "policy_name",
  description,
  json_extract(schema, '$.enum') as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;
List all policy types for AWS S3
Discover the variety of policy types available for AWS S3 to better manage and secure your cloud storage resources. This can help you understand the different levels of control you can exert over your S3 resources.
select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
where
  mod_uri like 'tmod:@turbot/aws-s3%'
order by
  trunk_title;
Count policy types by cloud provider
Explore the distribution of policy types across different cloud providers such as AWS, Azure, and GCP to understand their usage and prevalence. This information can be beneficial for assessing your organization's cloud utilization and security posture.
select
  sum(
    case
      when mod_uri like 'tmod:@turbot/aws-%' then 1
      else 0
    end
  ) as aws,
  sum(
    case
      when mod_uri like 'tmod:@turbot/azure-%' then 1
      else 0
    end
  ) as azure,
  sum(
    case
      when mod_uri like 'tmod:@turbot/gcp-%' then 1
      else 0
    end
  ) as gcp,
  count(*) as total
from
  guardrails_policy_type;
Policy types that target AWS > S3 > Bucket
Explore which policy types are specifically targeting your AWS S3 buckets. This is useful to assess and manage the security and compliance of your S3 resources.
select
  trunk_title,
  uri,
  targets
from
  guardrails_policy_type
where
  targets ? 'tmod:@turbot/aws-s3#/resource/types/bucket';
Error: SQLite does not support the "?" operator used in JSON queries.
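SQLite can express the same membership test by expanding the array with json_each. The query below is an added example, not part of the plugin's documentation; it assumes targets is stored as a JSON array of resource type URI strings, as the column description suggests.

```sql
-- Added example (SQLite): policy types whose targets array contains the
-- AWS > S3 > Bucket resource type URI.
-- Assumption: targets is a JSON array of URI strings.
select
  trunk_title,
  uri,
  targets
from
  guardrails_policy_type as pt
where
  exists (
    -- json_each yields one row per array element; value holds the URI
    select
      1
    from
      json_each(pt.targets) as t
    where
      t.value = 'tmod:@turbot/aws-s3#/resource/types/bucket'
  )
order by
  trunk_title;
```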
Schema for guardrails_policy_type
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | AKA (also known as) identifiers for the policy type. |
category_id | bigint | | ID of the control category for the policy type. |
category_uri | text | | URI of the control category for the policy type. |
create_timestamp | timestamp with time zone | | When the policy type was first discovered by Turbot. (It may have been created earlier.) |
default_template | text | | Default template used to calculate template-based policy values. Should be a Jinja based YAML string. |
description | text | | Description of the policy type. |
icon | text | | Icon of the policy type. |
id | bigint | = | Unique identifier of the policy type. |
mod_uri | text | | URI of the mod that contains the policy type. |
parent_id | text | | ID for the parent of this policy type. |
path | jsonb | | Hierarchy path with all identifiers of ancestors of the policy type. |
read_only | boolean | | If true user-defined policy settings are blocked from being created. |
schema | jsonb | | JSON schema defining the allowed schema for policy values for any targeted resources. |
secret | boolean | | JSON schema defining valid values for the policy type. |
secret_level | text | | Secret Level: SECRET, CONFIDENTIAL or NONE. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
targets | jsonb | | URIs of the resource types targeted by this policy type. |
title | text | | Title of the policy type. |
trunk_title | text | | Title with full path of the policy type. |
update_timestamp | timestamp with time zone | | When the policy type was last updated in Turbot. |
uri | text | = | URI of the policy type. |
version_id | bigint | | Unique identifier for this version of the policy type. |
workspace | text | | Specifies the workspace URL. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails
You can pass the configuration to the command with the --config argument:
steampipe_export_guardrails --config '<your_config>' guardrails_policy_type