This repository has been archived by the owner on Aug 16, 2022. It is now read-only.
Commit
Add usage docs for provider hub (#97)
* Add usage docs for provider hub Co-authored-by: Ron <[email protected]>
1 parent 974590f, commit b66e35d
Showing 1 changed file with 68 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
## AWS Provider | ||
|
||
The CloudQuery AWS provider pulls configuration out of AWS resources, normalizes them and stores them in PostgreSQL database. | ||
|
||
### Install | ||
|
||
```shell | ||
cloudquery init aws | ||
``` | ||
|
||
### Authentication | ||
|
||
To authenticate cloudquery with your AWS account you can use any of the following options (see full documentation at [AWS SDK V2](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials)): | ||
|
||
- Static Credentials: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN` | ||
- Shared configuration files (via `aws configure`). | ||
- SDK defaults to `credentials` file under `.aws` folder that is placed in the home folder on your computer. | ||
- SDK defaults to `config` file under `.aws` folder that is placed in the home folder on your computer. | ||
- If your application uses an ECS task definition or RunTask API operation, IAM role for tasks. | ||
- If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2. | ||
|
||
### Configuration | ||
|
||
The following configuration section can be automaticlly generated by `cloudquery init aws`: | ||
|
||
```hcl | ||
provider "aws" { | ||
configuration { | ||
// Optional. if you want to assume role to multiple account and fetch data from them | ||
//accounts "<YOUR ID>" { | ||
// Optional. Role ARN we want to assume when accessing this account | ||
// role_arn = <YOUR_ROLE_ARN> | ||
// } | ||
// Optional. by default assumes all regions | ||
// regions = ["us-east-1", "us-west-2"] | ||
// Optional. Enable AWS SDK debug logging. | ||
aws_debug = false | ||
// The maximum number of times that a request will be retried for failures. Defaults to 5 retry attempts. | ||
// max_retries = 5 | ||
// The maximum back off delay between attempts. The backoff delays exponentially with a jitter based on the number of attempts. Defaults to 60 seconds. | ||
// max_backoff = 30 | ||
} | ||
``` | ||
|
||
By default cloudquery will fetch all configuration from **all** resources in **all** regions in the **default** account. You can change this behaviour with the following arguments: | ||
|
||
- `accounts` **(Optional)** - Specify multiple accounts to fetch data from them concurrently and then query across accounts. The default configured account should be able [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) to the specified accounts. | ||
- `regions` **(Optional)** - limit fetching to specific regions. | ||
|
||
### Query Examples | ||
|
||
#### Find all public facing load balancers | ||
|
||
```sql | ||
SELECT * FROM aws_elbv2_load_balancers WHERE scheme = 'internet-facing'; | ||
``` | ||
|
||
#### Find all unencrypted RDS instances | ||
|
||
```sql | ||
SELECT * from aws_rds_clusters where storage_encrypted = 0; | ||
``` | ||
|
||
#### Find all unencrypted buckets | ||
|
||
```sql | ||
SELECT * from aws_rds_clusters where storage_encrypted = 0; | ||
``` |
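Review bot: The query under "#### Find all unencrypted buckets" is a verbatim copy of the RDS query above it (`SELECT * from aws_rds_clusters where storage_encrypted = 0;`), so it never reads bucket data and anyone running it as an audit check gets RDS rows under a bucket heading. Replace it with a query against the provider's S3 bucket table, or drop the section until that query is written. The preceding heading says "RDS instances" while its query reads `aws_rds_clusters`; the heading or the table name should change so they agree. In the `hcl` block, `provider "aws" {` and `configuration {` are both opened but only one `}` closes them, so the snippet will not parse when pasted. The `max_backoff` comment states a default of 60 seconds while the commented example shows `max_backoff = 30`, which should be explained or aligned. Two wording fixes: "automaticlly" in the Configuration paragraph, and "should be able [AssumeRole]" in the `accounts` bullet, which is missing "to".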