turbot/guardrails
steampipe plugin install guardrails

Table: guardrails_tag - Query Guardrails Tags using SQL

Guardrails is a tool that helps in managing the security and compliance of cloud resources. It allows users to define and enforce policies across different cloud services, ensuring that resources are secure and compliant with industry standards. Guardrails tags are metadata that can be assigned to Guardrails resources to help organize and manage them.

Table Usage Guide

The guardrails_tag table offers a comprehensive view into Guardrails Tags within the Guardrails service. As a Security Engineer, you can leverage this table to analyze and manage tag data associated with Guardrails resources, including their names and values. This can facilitate effective organization, identification, and management of resources based on custom-defined metadata.

Important Notes

  • When querying this table, we recommend using at least one of these columns (usually in the where clause):
    • id
    • key
    • value
    • filter

Examples

List all tags

Explore all tags to understand their key-value pairings, which can help in organizing and locating specific resources within the Guardrails system.

select
*
from
guardrails_tag
order by
key,
value;
select
*
from
guardrails_tag
order by
key,
value;

Find all resources for the Sales department

Explore which resources are specifically allocated for the Sales department, assisting in resource management and departmental budgeting.

select
key,
value,
resource_ids
from
guardrails_tag
where
key = 'Department'
and value = 'Sales';
select
key,
value,
resource_ids
from
guardrails_tag
where
key = 'Department'
and value = 'Sales';

Find departments with the most tagged resources

Analyze the settings to understand which departments have the most resources tagged to them. This can help to identify areas that may require more oversight or resource allocation.

select
key,
value,
jsonb_array_length(resource_ids) as count
from
guardrails_tag
where
key = 'Department'
order by
count desc;
select
key,
value,
json_array_length(resource_ids) as count
from
guardrails_tag
where
key = 'Department'
order by
count desc;

List tags without values

Discover the segments that contain tags without assigned values. This can be useful in identifying potential gaps or inconsistencies in your data tagging practices.

select
*
from
guardrails_tag
where
value is null
or trim(value) = '';
select
*
from
guardrails_tag
where
value is null
or trim(value) = '';

Schema for guardrails_tag

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
create_timestamptimestamp with time zoneWhen the tag was first discovered by Turbot. (It may have been created earlier.)
filtertext=Filter used for this tag list.
idbigint=Unique identifier of the tag.
keytext=Tag key.
resource_idsjsonbTurbot IDs of resources with this tag.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
timestamptimestamp with time zoneTimestamp when the tag was last modified (created, updated or deleted).
update_timestamptimestamp with time zoneWhen the tag was last updated in Turbot.
valuetext=Tag value.
version_idbigintUnique identifier for this version of the tag.
workspacetextSpecifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_tag