turbot/terraform

steampipe plugin install terraform

Table: terraform_resource

Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.

Examples

Basic info

select
  name,
  type,
  arguments,
  path
from
  terraform_resource;

List AWS IAM roles

select
  name,
  type,
  arguments,
  path
from
  terraform_resource
where
  type = 'aws_iam_role';

List AWS IAM assume_role_policy Statements

select
  path,
  name,
  (arguments ->> 'assume_role_policy')::jsonb -> 'Statement' as statement
from
  terraform_resource
where
  type = 'aws_iam_role';
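
An added example (not from the plugin's documentation) that goes one step past listing the Statement arrays: it expands each trust-policy statement and flags Allow statements whose principal is a wildcard. Like the query above, it assumes assume_role_policy is written as literal JSON; the resources CTE, its role names and the account ID are constructed sample data.

```sql
-- Constructed sample rows standing in for terraform_resource so the query also
-- runs on plain PostgreSQL. In Steampipe, drop this CTE and select from terraform_resource.
with resources (name, type, path, arguments) as (
  values
    ('open_role', 'aws_iam_role', 'iam.tf', jsonb_build_object('assume_role_policy',
      '{"Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"sts:AssumeRole"}]}'::text)),
    ('mixed_role', 'aws_iam_role', 'iam.tf', jsonb_build_object('assume_role_policy',
      '{"Statement":{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::111122223333:root","*"]},"Action":"sts:AssumeRole"}}'::text)),
    ('ec2_role', 'aws_iam_role', 'iam.tf', jsonb_build_object('assume_role_policy',
      '{"Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'::text))
),
policies as (
  select
    name,
    path,
    (arguments ->> 'assume_role_policy')::jsonb -> 'Statement' as stmts
  from
    resources
  where
    type = 'aws_iam_role'
),
statements as (
  select
    p.name,
    p.path,
    s as statement
  from
    policies as p,
    -- IAM allows Statement to be a single object; wrap it so both forms expand.
    jsonb_array_elements(
      case when jsonb_typeof(p.stmts) = 'array' then p.stmts else jsonb_build_array(p.stmts) end
    ) as s
)
select
  name,
  path,
  statement -> 'Principal' as principal,
  statement -> 'Condition' as condition
from
  statements
where
  statement ->> 'Effect' = 'Allow'
  and (
    statement -> 'Principal' = '"*"'::jsonb                -- "Principal": "*"
    or statement -> 'Principal' -> 'AWS' = '"*"'::jsonb    -- "AWS": "*"
    or statement -> 'Principal' -> 'AWS' @> '["*"]'::jsonb -- "*" inside a list
  );
```

The condition column is included so a reviewer can see whether a wildcard principal is narrowed by a Condition block.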

Get AMI for each AWS EC2 instance

select
  name,
  arguments ->> 'ami' as ami,
  path
from
  terraform_resource
where
  type = 'aws_instance';

List AWS CloudTrail trails that are not encrypted

select
  name,
  path
from
  terraform_resource
where
  type = 'aws_cloudtrail'
  and arguments -> 'kms_key_id' is null;

List Azure storage accounts that allow public blob access

select
  name,
  case
    when arguments -> 'allow_blob_public_access' is null then false
    else (arguments -> 'allow_blob_public_access')::boolean
  end as allow_blob_public_access,
  path
from
  terraform_resource
where
  type = 'azurerm_storage_account'
  -- Optional arg that defaults to false
  and (arguments -> 'allow_blob_public_access')::boolean;

List Azure MySQL servers that don't enforce SSL

select
  name,
  arguments -> 'ssl_enforcement_enabled' as ssl_enforcement_enabled,
  path
from
  terraform_resource
where
  type = 'azurerm_mysql_server'
  and not (arguments -> 'ssl_enforcement_enabled')::boolean;

List Azure MySQL and MSSQL servers with public network access enabled

select
  name,
  case
    when arguments -> 'public_network_access_enabled' is null then true
    else (arguments -> 'public_network_access_enabled')::boolean
  end as public_network_access_enabled,
  path
from
  terraform_resource
where
  type in ('azurerm_mssql_server', 'azurerm_mysql_server')
  -- Optional arg that defaults to true
  and (
    arguments -> 'public_network_access_enabled' is null
    or (arguments -> 'public_network_access_enabled')::boolean
  );

.inspect terraform_resource

Terraform resource information.

| Name | Type | Description |
|------|------|-------------|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| arguments | jsonb | Resource arguments. |
| count | bigint | The integer value for the count meta-argument if it's set as a number in a literal expression. |
| count_src | jsonb | The count meta-argument accepts a whole number, and creates that many instances of the resource or module. |
| depends_on | jsonb | Use the depends_on meta-argument to handle hidden resource or module dependencies that Terraform can't automatically infer. |
| end_line | bigint | Ending line number. |
| for_each | jsonb | The for_each meta-argument accepts a map or a set of strings, and creates an instance for each item in that map or set. |
| lifecycle | jsonb | The lifecycle meta-argument is a nested block that can appear within a resource block. |
| name | text | Resource name. |
| path | text | Path to the file. |
| provider | text | The provider meta-argument specifies which provider configuration to use for a resource, overriding Terraform's default behavior of selecting one based on the resource type name. |
| source | text | The block source code. |
| start_line | bigint | Starting line number. |
| type | text | Resource type. |