turbot/guardrails
steampipe plugin install guardrails

Table: guardrails_policy_type - Query Guardrails Policy Types using SQL

Guardrails is a service that provides policy management and enforcement capabilities. It allows you to define and manage policies for various resources, ensuring compliance with your organization's security and governance requirements. Policy Types in Guardrails are the different categories of policies that can be created and managed.

Table Usage Guide

The guardrails_policy_type table provides insights into Policy Types within Guardrails. As a Security Engineer, explore policy type-specific details through this table, including their names, descriptions, and associated metadata. Utilize it to uncover information about different policy types, such as those related to resource management, access control, and security compliance.

Examples

List all policy types

Explore the various policy types available in your system in an organized manner to better understand your security infrastructure and manage your policies effectively. This query is useful for identifying and managing the range of policy types in your system.

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
order by
  trunk_title;

List all policy types with additional detail

Explore policy settings by gaining insights into additional details such as descriptions and related links. This allows for a better understanding of each policy type and its specific configurations.

Postgres:

select
  trunk_title as "policy_name",
  description,
  schema ->> 'enum' as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;

SQLite:

select
  trunk_title as "policy_name",
  description,
  json_extract(schema, '$.enum') as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;

List all policy types for AWS S3

Discover the variety of policy types available for AWS S3 to better manage and secure your cloud storage resources. This can help you understand the different levels of control you can exert over your S3 resources.

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
where
  mod_uri like 'tmod:@turbot/aws-s3%'
order by
  trunk_title;

Count policy types by cloud provider

Explore the distribution of policy types across different cloud providers such as AWS, Azure, and GCP to understand their usage and prevalence. This information can be beneficial for assessing your organization's cloud utilization and security posture.

select
  sum(
    case
      when mod_uri like 'tmod:@turbot/aws-%' then 1
      else 0
    end
  ) as aws,
  sum(
    case
      when mod_uri like 'tmod:@turbot/azure-%' then 1
      else 0
    end
  ) as azure,
  sum(
    case
      when mod_uri like 'tmod:@turbot/gcp-%' then 1
      else 0
    end
  ) as gcp,
  count(*) as total
from
  guardrails_policy_type;

Policy types that target AWS > S3 > Bucket

Explore which policy types are specifically targeting your AWS S3 buckets. This is useful to assess and manage the security and compliance of your S3 resources.

Postgres:

select
  trunk_title,
  uri,
  targets
from
  guardrails_policy_type
where
  targets ? 'tmod:@turbot/aws-s3#/resource/types/bucket';

SQLite: this query is not available. Error: SQLite does not support the "?" operator used in JSON queries.
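
The same membership test can be written for SQLite with json_each instead of the "?" operator. This is an added example, not a query from the plugin documentation; it assumes targets holds a JSON array of resource type URI strings, and it also returns read_only and secret_level so the result shows which bucket policy types block user-defined settings or carry secret values.

```sql
-- Added example for SQLite: policy types that target AWS > S3 > Bucket.
-- Assumption: targets is a JSON array of resource type URI strings.
select
  pt.trunk_title,
  pt.uri,
  pt.read_only,
  pt.secret_level,
  pt.targets
from
  guardrails_policy_type as pt
where
  -- exists() keeps one row per policy type even if the URI were listed twice
  exists (
    select
      1
    from
      json_each(pt.targets) as t
    where
      t.value = 'tmod:@turbot/aws-s3#/resource/types/bucket'
  )
order by
  pt.trunk_title;
```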

Schema for guardrails_policy_type

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| akas | jsonb | | AKA (also known as) identifiers for the policy type. |
| category_id | bigint | | ID of the control category for the policy type. |
| category_uri | text | | URI of the control category for the policy type. |
| create_timestamp | timestamp with time zone | | When the policy type was first discovered by Turbot. (It may have been created earlier.) |
| default_template | text | | Default template used to calculate template-based policy values. Should be a Jinja based YAML string. |
| description | text | | Description of the policy type. |
| icon | text | | Icon of the policy type. |
| id | bigint | `=` | Unique identifier of the policy type. |
| mod_uri | text | | URI of the mod that contains the policy type. |
| parent_id | text | | ID for the parent of this policy type. |
| path | jsonb | | Hierarchy path with all identifiers of ancestors of the policy type. |
| read_only | boolean | | If true user-defined policy settings are blocked from being created. |
| schema | jsonb | | JSON schema defining the allowed schema for policy values for any targeted resources. |
| secret | boolean | | JSON schema defining valid values for the policy type. |
| secret_level | text | | Secret Level: SECRET, CONFIDENTIAL or NONE. |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| targets | jsonb | | URIs of the resource types targeted by this policy type. |
| title | text | | Title of the policy type. |
| trunk_title | text | | Title with full path of the policy type. |
| update_timestamp | timestamp with time zone | | When the policy type was last updated in Turbot. |
| uri | text | `=` | URI of the policy type. |
| version_id | bigint | | Unique identifier for this version of the policy type. |
| workspace | text | | Specifies the workspace URL. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_policy_type