Table: guardrails_policy_type - Query Guardrails Policy Types using SQL

Guardrails is a service that provides policy management and enforcement capabilities. It allows you to define and manage policies for various resources, ensuring compliance with your organization's security and governance requirements. Policy Types in Guardrails are the different categories of policies that can be created and managed.

Table Usage Guide

The guardrails_policy_type table provides insights into Policy Types within Guardrails. As a Security Engineer, explore policy type-specific details through this table, including their names, descriptions, and associated metadata. Utilize it to uncover information about different policy types, such as those related to resource management, access control, and security compliance.

Examples

List all policy types

Explore the various policy types available in your system in an organized manner to better understand your security infrastructure and manage your policies effectively. This query is useful for identifying and managing the range of policy types in your system.

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
order by
  trunk_title;

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
order by
  trunk_title;

List all policy types with additional detail

Explore policy settings by gaining insights into additional details such as descriptions and related links. This allows for a better understanding of each policy type and its specific configurations.

select
  trunk_title as "policy_name",
  description,
  schema ->> 'enum' as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;

select
  trunk_title as "policy_name",
  description,
  json_extract(schema, '$.enum') as "policy_settings",
  uri as "policy_uri"
from
  guardrails_policy_type
order by
  trunk_title;

List all policy types for AWS S3

Discover the variety of policy types available for AWS S3 to better manage and secure your cloud storage resources. This can help you understand the different levels of control you can exert over your S3 resources.

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
where
  mod_uri like 'tmod:@turbot/aws-s3%'
order by
  trunk_title;

select
  id,
  uri,
  trunk_title
from
  guardrails_policy_type
where
  mod_uri like 'tmod:@turbot/aws-s3%'
order by
  trunk_title;

Count policy types by cloud provider

Explore the distribution of policy types across different cloud providers such as AWS, Azure, and GCP to understand their usage and prevalence. This information can be beneficial for assessing your organization's cloud utilization and security posture.

select
  sum(
    case
      when mod_uri like 'tmod:@turbot/aws-%' then 1
      else 0
    end
  ) as aws,
  sum(
    case
      when mod_uri like 'tmod:@turbot/azure-%' then 1
      else 0
    end
  ) as azure,
  sum(
    case
      when mod_uri like 'tmod:@turbot/gcp-%' then 1
      else 0
    end
  ) as gcp,
  count(*) as total
from
  guardrails_policy_type;

select
  sum(
    case
      when mod_uri like 'tmod:@turbot/aws-%' then 1
      else 0
    end
  ) as aws,
  sum(
    case
      when mod_uri like 'tmod:@turbot/azure-%' then 1
      else 0
    end
  ) as azure,
  sum(
    case
      when mod_uri like 'tmod:@turbot/gcp-%' then 1
      else 0
    end
  ) as gcp,
  count(*) as total
from
  guardrails_policy_type;

Policy types that target AWS > S3 > Bucket

Explore which policy types are specifically targeting your AWS S3 buckets. This is useful to assess and manage the security and compliance of your S3 resources.

select
  trunk_title,
  uri,
  targets
from
  guardrails_policy_type
where
  targets ? 'tmod:@turbot/aws-s3#/resource/types/bucket';

Error: SQLite does not support the "?" operator used in JSON queries.

Schema for guardrails_policy_type

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
akas	jsonb		AKA (also known as) identifiers for the policy type.
category_id	bigint		ID of the control category for the policy type.
category_uri	text		URI of the control category for the policy type.
create_timestamp	timestamp with time zone		When the policy type was first discovered by Turbot. (It may have been created earlier.)
default_template	text		Default template used to calculate template-based policy values. Should be a Jinja based YAML string.
description	text		Description of the policy type.
icon	text		Icon of the policy type.
id	bigint	=	Unique identifier of the policy type.
mod_uri	text		URI of the mod that contains the policy type.
parent_id	text		ID for the parent of this policy type.
path	jsonb		Hierarchy path with all identifiers of ancestors of the policy type.
read_only	boolean		If true user-defined policy settings are blocked from being created.
schema	jsonb		JSON schema defining the allowed schema for policy values for any targeted resources.
secret	boolean		JSON schema defining valid values for the policy type.
secret_level	text		Secret Level: SECRET, CONFIDENTIAL or NONE.
targets	jsonb		URIs of the resource types targeted by this policy type.
title	text		Title of the policy type.
trunk_title	text		Title with full path of the policy type.
update_timestamp	timestamp with time zone		When the policy type was last updated in Turbot.
uri	text	=	URI of the policy type.
version_id	bigint		Unique identifier for this version of the policy type.
workspace	text		Specifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_policy_type