Table: terraform_resource
Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
Examples
Basic info
```sql
select
  name,
  type,
  arguments,
  path
from
  terraform_resource;
```
List AWS IAM roles
```sql
select
  name,
  type,
  arguments,
  path
from
  terraform_resource
where
  type = 'aws_iam_role';
```
List AWS IAM assume_role_policy Statements
```sql
select
  path,
  name,
  (arguments ->> 'assume_role_policy')::jsonb -> 'Statement' as statement
from
  terraform_resource
where
  type = 'aws_iam_role';
```
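The query above returns each role's `Statement` value as a single blob. As an added example (not part of the original documentation), the query below expands that value into one row per statement and keeps only `Allow` statements whose principal is the wildcard `*`, with the file and line to review. It assumes the policy is written as a literal JSON string (for example a heredoc); values that do not start with `{` are skipped rather than cast.

```sql
-- Added example: flag aws_iam_role trust policies that allow any principal.
-- Assumption: assume_role_policy is a literal JSON string in the .tf file.
with role_policy as (
  select
    path,
    start_line,
    name,
    case
      -- Only cast values that look like a JSON object, so non-JSON text is skipped
      when ltrim(arguments ->> 'assume_role_policy', E' \n\r\t') like '{%'
        then (arguments ->> 'assume_role_policy')::jsonb
    end as policy
  from
    terraform_resource
  where
    type = 'aws_iam_role'
)
select
  p.path,
  p.start_line,
  p.name,
  s -> 'Principal' as principal,
  s -> 'Condition' as condition  -- a wildcard with no condition deserves the closest look
from
  role_policy as p,
  jsonb_array_elements(
    -- IAM accepts Statement as a single object or as an array of objects
    case jsonb_typeof(p.policy -> 'Statement')
      when 'array' then p.policy -> 'Statement'
      when 'object' then jsonb_build_array(p.policy -> 'Statement')
      else '[]'::jsonb
    end
  ) as s
where
  s ->> 'Effect' = 'Allow'
  and (
    (s -> 'Principal') = '"*"'::jsonb              -- "Principal": "*"
    or (s -> 'Principal' -> 'AWS') @> '"*"'::jsonb -- "AWS": "*" or "AWS": [..., "*"]
  );
```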
Get AMI for each AWS EC2 instance
```sql
select
  name,
  arguments ->> 'ami' as ami,
  path
from
  terraform_resource
where
  type = 'aws_instance';
```
List AWS CloudTrail trails that are not encrypted
```sql
select
  name,
  path
from
  terraform_resource
where
  type = 'aws_cloudtrail'
  and arguments -> 'kms_key_id' is null;
```
List Azure storage accounts that allow public blob access
```sql
select
  name,
  case
    when arguments -> 'allow_blob_public_access' is null then false
    else (arguments -> 'allow_blob_public_access')::boolean
  end as allow_blob_public_access,
  path
from
  terraform_resource
where
  type = 'azurerm_storage_account'
  -- Optional arg that defaults to false
  and (arguments -> 'allow_blob_public_access')::boolean;
```
List Azure MySQL servers that don't enforce SSL
```sql
select
  name,
  arguments -> 'ssl_enforcement_enabled' as ssl_enforcement_enabled,
  path
from
  terraform_resource
where
  type = 'azurerm_mysql_server'
  and not (arguments -> 'ssl_enforcement_enabled')::boolean;
```
List Azure MySQL servers with public network access enabled
```sql
select
  name,
  case
    when arguments -> 'public_network_access_enabled' is null then true
    else (arguments -> 'public_network_access_enabled')::boolean
  end as public_network_access_enabled,
  path
from
  terraform_resource
where
  type in ('azurerm_mssql_server', 'azurerm_mysql_server')
  -- Optional arg that defaults to true
  and (
    arguments -> 'public_network_access_enabled' is null
    or (arguments -> 'public_network_access_enabled')::boolean
  );
```
.inspect terraform_resource
Terraform resource information.
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
arguments | jsonb | Resource arguments. |
count | bigint | The integer value for the count meta-argument if it's set as a number in a literal expression. |
count_src | jsonb | The count meta-argument accepts a whole number, and creates that many instances of the resource or module. |
depends_on | jsonb | Use the depends_on meta-argument to handle hidden resource or module dependencies that Terraform can't automatically infer. |
end_line | bigint | Ending line number. |
for_each | jsonb | The for_each meta-argument accepts a map or a set of strings, and creates an instance for each item in that map or set. |
lifecycle | jsonb | The lifecycle meta-argument is a nested block that can appear within a resource block. |
name | text | Resource name. |
path | text | Path to the file. |
provider | text | The provider meta-argument specifies which provider configuration to use for a resource, overriding Terraform's default behavior of selecting one based on the resource type name. |
source | text | The block source code. |
start_line | bigint | Starting line number. |
type | text | Resource type. |