Table: guardrails_tag - Query Guardrails Tags using SQL

Guardrails is a tool that helps in managing the security and compliance of cloud resources. It allows users to define and enforce policies across different cloud services, ensuring that resources are secure and compliant with industry standards. Guardrails tags are metadata that can be assigned to Guardrails resources to help organize and manage them.

Table Usage Guide

The guardrails_tag table offers a comprehensive view into Guardrails Tags within the Guardrails service. As a Security Engineer, you can leverage this table to analyze and manage tag data associated with Guardrails resources, including their names and values. This can facilitate effective organization, identification, and management of resources based on custom-defined metadata.

Important Notes

When querying this table, we recommend using at least one of these columns (usually in the where clause):
- id
- key
- value
- filter

Examples

List all tags

Explore all tags to understand their key-value pairings, which can help in organizing and locating specific resources within the Guardrails system.

select
  *
from
  guardrails_tag
order by
  key,
  value;

select
  *
from
  guardrails_tag
order by
  key,
  value;

Find all resources for the Sales department

Explore which resources are specifically allocated for the Sales department, assisting in resource management and departmental budgeting.

select
  key,
  value,
  resource_ids
from
  guardrails_tag
where
  key = 'Department'
  and value = 'Sales';

select
  key,
  value,
  resource_ids
from
  guardrails_tag
where
  key = 'Department'
  and value = 'Sales';

Find departments with the most tagged resources

Analyze the settings to understand which departments have the most resources tagged to them. This can help to identify areas that may require more oversight or resource allocation.

select
  key,
  value,
  jsonb_array_length(resource_ids) as count
from
  guardrails_tag
where
  key = 'Department'
order by
  count desc;

select
  key,
  value,
  json_array_length(resource_ids) as count
from
  guardrails_tag
where
  key = 'Department'
order by
  count desc;

Discover the segments that contain tags without assigned values. This can be useful in identifying potential gaps or inconsistencies in your data tagging practices.

select
  *
from
  guardrails_tag
where
  value is null
  or trim(value) = '';

select
  *
from
  guardrails_tag
where
  value is null
  or trim(value) = '';

Schema for guardrails_tag

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
create_timestamp	timestamp with time zone		When the tag was first discovered by Turbot. (It may have been created earlier.)
filter	text	=	Filter used for this tag list.
id	bigint	=	Unique identifier of the tag.
key	text	=	Tag key.
resource_ids	jsonb		Turbot IDs of resources with this tag.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
timestamp	timestamp with time zone		Timestamp when the tag was last modified (created, updated or deleted).
update_timestamp	timestamp with time zone		When the tag was last updated in Turbot.
value	text	=	Tag value.
version_id	bigint		Unique identifier for this version of the tag.
workspace	text		Specifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_tag