Turbot + Steampipe [DEPRECATED]
This plugin has been deprecated as part of our renaming of Turbot to Turbot Guardrails. Please use the Turbot Guardrails plugin instead.
Turbot is a cloud governance and security platform with a real-time CMDB for cloud resources.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
For example:
select trunk_title, urifrom turbot_resource_type;
+---------------------------------+---------------------------------------------------------+| trunk_title | uri |+---------------------------------+---------------------------------------------------------+| Turbot > IAM > Access Key | tmod:@turbot/turbot-iam#/resource/types/accessKey || GCP > Monitoring > Alert Policy | tmod:@turbot/gcp-monitoring#/resource/types/alertPolicy || AWS > IAM > Access Key | tmod:@turbot/aws-iam#/resource/types/accessKey || AWS > EC2 > AMI | tmod:@turbot/aws-ec2#/resource/types/ami || AWS > SSM > Association | tmod:@turbot/aws-ssm#/resource/types/association || GCP > Network > Address | tmod:@turbot/gcp-network#/resource/types/address |+---------------------------------+---------------------------------------------------------+
Documentation
Get started
Install
Download and install the latest Turbot plugin:
steampipe plugin install turbot
Credentials
Installing the latest turbot plugin will create a config file (~/.steampipe/config/turbot.spc
) with a single connection named turbot
. By default, Steampipe will use your Turbot profiles and credentials exactly the same as the Turbot CLI and Turbot Terraform provider. In many cases, no extra configuration is required to use Steampipe.
connection "turbot" { plugin = "turbot"}
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-turbot
- Community: Join #steampipe on Slack →
Advanced configuration options
If you have a default
profile setup using the Turbot CLI, Steampipe just works with that connection.
For users with multiple workspaces and more complex authentication use cases, here are some examples of advanced configuration options:
Credentials via key pair
The Turbot plugin allows you set static credentials with the access_key
, secret_key
, and workspace
arguments in any connection profile.
connection "turbot" { plugin = "turbot" workspace = "https://turbot-acme.cloud.turbot.com/" access_key = "c8e2c2ed-1ca8-429b-b369-010e3cf75aac" secret_key = "a3d8385d-47f7-40c5-a90c-bfdf5b43c8dd"}
Credentials via Turbot config profiles
You can use an existing Turbot named profile configured in /Users/jsmyth/.config/turbot/credentials.yml
. A connect per workspace is a common configuration:
connection "turbot_acme" { plugin = "turbot" profile = "turbot-acme"}
connection "turbot_dmi" { plugin = "turbot" profile = "turbot-dmi"}
Credentials from environment variables
Environment variables provide another way to specify default Turbot CLI credentials:
export TURBOT_SECRET_KEY=3d397816-575f-4b2a-a470-a96abe29b81aexport TURBOT_ACCESS_KEY=86835f29-1c88-46d9-b6ce-cbe5016842d3export TURBOT_WORKSPACE=https://turbot-acme.cloud.turbot.com
You can also change the default profile to a named profile with the TURBOT_PROFILE environment variable:
export TURBOT_PROFILE=turbot-acme