Steampipe is an open-source tool that can query cloud services rapidly, at scale, using SQL as the common way to access the APIs of AWS, GitHub, Kubernetes, M365, and more than 100 others. For example, Steampipe maps the AWS APIs to over 400 tables, with extensive copy-and-run examples for each table. If you've been writing Python scripts to gather and analyze data from these APIs, you'll want to give Steampipe a try. We bet you'll retire those Python scripts because accessing APIs with Steampipe, both within and across providers, is an easier, faster, and better way to get the job done.
Compliance benchmarks layered on the Steampipe core provide suites of controls that implement recommendations from CIS, GDPR, HIPAA, NIST 800-53, PCI, SOC2, and other frameworks. Use these benchmarks to assure that your own infrastructure, as well as what you deploy into clients' environments, complies with best- practice security recommendations.
Cost controls like AWS Thrifty help you save money by identifying underutilized resources.
Dashboards like Kubernetes Insights use infocards, tables, charts, and relationship graphs to answer common questions like:
-
What are the various configurations of my Kubernetes resources?
-
What are the relationships between closely connected resources like clusters, nodes, pods, deployments and jobs?
-
Who can perform operations like list, get, and read on my Kubernetes resources?
The underlying queries and controls that power benchmarks and dashboards are all open source, available to be reused and remixed. CMD Solutions has implemented continuous controls assurance that way, and Pix built a custom dashboard to monitor migrations.
Steampipe is a versatile component that integrates into any cloud shell or CI/CD pipeline, and can be used with any programming language or BI tool.
To get started, download Steampipe, install one or more plugins, then try out some benchmarks and dashboards. Or sign up for the free preview of cloud.steampipe.io for a team experience with centralized credentials, shared benchmarks and dashboards, and scheduled queries or snapshots that can notify Slack or MS Teams. Either way, you’re welcome to join our Slack community where friendly Steampipers are always happy to answer questions and explore interesting ways to use this multifaceted tool.