Table: guardrails_tag - Query Guardrails Tags using SQL
Guardrails is a tool that helps in managing the security and compliance of cloud resources. It allows users to define and enforce policies across different cloud services, ensuring that resources are secure and compliant with industry standards. Guardrails tags are metadata that can be assigned to Guardrails resources to help organize and manage them.
Table Usage Guide
The guardrails_tag table offers a comprehensive view into Guardrails Tags within the Guardrails service. As a Security Engineer, you can leverage this table to analyze and manage tag data associated with Guardrails resources, including their names and values. This can facilitate effective organization, identification, and management of resources based on custom-defined metadata.
Important Notes
- When querying this table, we recommend using at least one of these columns (usually in the
whereclause):idkeyvaluefilter
Examples
List all tags
Explore all tags to understand their key-value pairings, which can help in organizing and locating specific resources within the Guardrails system.
select *from guardrails_tagorder by key, value;select *from guardrails_tagorder by key, value;Find all resources for the Sales department
Explore which resources are specifically allocated for the Sales department, assisting in resource management and departmental budgeting.
select key, value, resource_idsfrom guardrails_tagwhere key = 'Department' and value = 'Sales';select key, value, resource_idsfrom guardrails_tagwhere key = 'Department' and value = 'Sales';Find departments with the most tagged resources
Analyze the settings to understand which departments have the most resources tagged to them. This can help to identify areas that may require more oversight or resource allocation.
select key, value, jsonb_array_length(resource_ids) as countfrom guardrails_tagwhere key = 'Department'order by count desc;select key, value, json_array_length(resource_ids) as countfrom guardrails_tagwhere key = 'Department'order by count desc;List tags without values
Discover the segments that contain tags without assigned values. This can be useful in identifying potential gaps or inconsistencies in your data tagging practices.
select *from guardrails_tagwhere value is null or trim(value) = '';select *from guardrails_tagwhere value is null or trim(value) = '';Schema for guardrails_tag
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| create_timestamp | timestamp with time zone | When the tag was first discovered by Turbot. (It may have been created earlier.) | |
| filter | text | = | Filter used for this tag list. |
| id | bigint | = | Unique identifier of the tag. |
| key | text | = | Tag key. |
| resource_ids | jsonb | Turbot IDs of resources with this tag. | |
| timestamp | timestamp with time zone | Timestamp when the tag was last modified (created, updated or deleted). | |
| update_timestamp | timestamp with time zone | When the tag was last updated in Turbot. | |
| value | text | = | Tag value. |
| version_id | bigint | Unique identifier for this version of the tag. | |
| workspace | text | Specifies the workspace URL. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrailsYou can pass the configuration to the command with the --config argument:
steampipe_export_guardrails --config '<your_config>' guardrails_tag