AWS recently examined the use of AWS Insights Mod, based on Steampipe, an open-source tool that defines over 650 queries and displays their results on 84 dashboards.
The AWS Insights Mod fast-tracks audit and compliance across multiple AWS accounts and resources while expressing the queries and visualisations as HCL and SQL code. The AWS Insights Mod, developed by Steampipe, the organisation behind the open-source tool of the same name, builds on the "dashboards as code" functionality announced as Steampipe Dashboards earlier in the year. The mod contains several queries to help cloud-governance teams answer common questions like "How many of our buckets have public access?" or "Do I have VPCs without subnets?"
For the card with the count of public access, the HCL code behind it is:
dashboard "aws_s3_bucket_public_access_report" {
title = " AWS S3 Bucket Dashboard"
container {
card {
sql = query.aws_s3_bucket_public_block_count.sql
width = 2
href = dashboard.aws_s3_bucket_public_access_report.url_path
}
}
}
The associated query for the above section of the dashboard is:
query "aws_s3_bucket_public_block_count" {
sql = <<-EOQ
select
count(*) as value,
'Public Access Not Blocked' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
aws_s3_bucket
where
not block_public_acls
or not block_public_policy
or not ignore_public_acls
or not restrict_public_buckets;
EOQ
}
By making use of the AWS plugin, the dashboard is able to perform these queries across as many AWS accounts as possible. The above approach also extends to a number of Steampipe plugins which include compliance audits such as PCI, HIPAA and SOC2.
Deepfence, the organisation behind the open-source security observability platform ThreatMapper, recently integrated Steampipe into ThreatMapper’s scanning functionality. This enhances ThreatMapper's existing container and infrastructure scanning against OpenSCAP benchmarks with an inventory of non-container based cloud assets.
Steampipe is often compared with CloudQuery, another cloud inventory solution which uses SQL as its language for analysis and investigation. In a thread on Reddit, user lloesche comments on the ease with which one can get started with Steampipe. Another user jekapats, a CloudQuery author, suggests CloudQuery as the tool of choice over Steampipe when the number of accounts is very large, 10,000 or more.
The current release of the AWS Insights Mod supports 15 different AWS services such as RDS, KMS, S3, and Lambda. The repository is on GitHub and a Slack workspace is available.
