turbot / steampipe

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
https://steampipe.io
GNU Affero General Public License v3.0

Steampipe Tag-Based Scanning AWS Resources #4029

Closed CansuCandan closed 7 months ago

CansuCandan commented 10 months ago

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

CansuCandan commented 10 months ago

Hello,

I hope this message finds you well.

I am writing to seek guidance regarding a specific issue we are encountering with tag-based scanning of our AWS resources using Steampipe. Our team has utilized the steampipe-mod-aws-well-architected module for this purpose, following the steps below:

  1. Cloning the repository:
     git clone https://github.com/turbot/steampipe-mod-aws-well-architected.git
  2. Navigating to the directory:
     cd steampipe-mod-aws-well-architected
  3. Modifying the steampipe.spvars file to include:

     # Dimensions
     common_dimensions = ["account_id", "region"]
     tag_dimensions = ["Environment", "Prod"]

Our objective is to scan AWS resources that are specifically tagged with Key: "Environment" and Value: "Prod". However, upon executing the command steampipe check all --var='mandatory_tags=["Environment", "Prod"]', Steampipe continues to scan all AWS resources, not just those matching our specified tags.

We are keen to understand how we can modify our approach to ensure that only resources with the specified tags are scanned. Any insights or step-by-step guidance you can provide on this matter would be greatly appreciated.

Thank you in advance for your assistance. I look forward to your expert advice on resolving this issue.

e-gineer commented 10 months ago

The tag_dimensions variable expects a list of tag key names. The key/value of these tags will then be added as dimensions (i.e. metadata) to the output of each control in the results.

Unfortunately there is no way to target the scan at particular resources by tag. AWS does not provide a reliable or repeatable way to filter resources by tag across their APIs.

So, one option is to:

  1. Add the tag key you want to filter on as a tag_dimension.
  2. Run the check, output to CSV.
  3. Use a spreadsheet or the CSV steampipe plugin to filter the results to the tag you care about.

I hope that helps!
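The filtering step in the reply above (run the check with the tag key as a tag dimension, export to CSV, then filter), as an added example that is not part of this thread or of Steampipe itself: a small Python script that keeps only the rows whose tag column matches the wanted value and summarises their status. The column names and rows in the sample are constructed and assumed; match them to the headers of your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Steampipe check CSV export. The column layout
# (control_id,status,resource,account_id,region,<tag key>) is an assumption;
# a real export carries more columns, but only these are used here.
SAMPLE_CSV = """control_id,status,resource,account_id,region,Environment
s3_bucket_versioning_enabled,alarm,arn:aws:s3:::prod-logs,123456789012,us-east-1,Prod
s3_bucket_versioning_enabled,ok,arn:aws:s3:::dev-scratch,123456789012,us-east-1,Dev
ec2_instance_imdsv2_required,alarm,i-0abc,123456789012,eu-west-1,Prod
ec2_instance_imdsv2_required,ok,i-0def,123456789012,eu-west-1,
"""


def filter_by_tag(csv_text, tag_key, tag_value):
    """Return the result rows whose tag dimension column equals tag_value.

    Untagged resources (empty cell) are dropped. A missing column raises,
    so a tag key that was not added to tag_dimensions is noticed instead
    of silently producing an empty result.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    if tag_key not in (reader.fieldnames or []):
        raise KeyError(f"column {tag_key!r} not in export; add it to tag_dimensions")
    return [row for row in reader if (row.get(tag_key) or "").strip() == tag_value]


def status_summary(rows):
    """Count filtered results by status (ok, alarm, error, skip, info)."""
    return Counter(row["status"] for row in rows)


if __name__ == "__main__":
    prod_rows = filter_by_tag(SAMPLE_CSV, "Environment", "Prod")
    for row in prod_rows:
        print(row["status"], row["control_id"], row["resource"])
    print(dict(status_summary(prod_rows)))
```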

github-actions[bot] commented 8 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] commented 7 months ago

This issue was closed because it has been stalled for 90 days with no activity.