· 4 min read

In this blog post you will learn how to build an open-source cloud asset inventory with CloudQuery and Grafana.

General architecture:

  • CloudQuery will take care of extracting, transforming and loading all your assets, across cloud and SaaS apps, into PostgreSQL.
  • Grafana will be used to query, visualize, monitor, and alert.

This is what you will get:

  • All your asset configurations across cloud providers and SaaS apps in one database
  • Vanilla PostgreSQL
  • Reuse your current (assuming you use Grafana) visualization, monitoring and alerting workflows - send reports and alerts via email or Slack.
  • 3 out-of-the-box, filterable Grafana asset inventory dashboards for AWS and GCP, including security & compliance dashboards.

· 4 min read

Today, we announced that CloudQuery has raised $3.5 million in seed funding led by Boldstart Ventures, with participation from work-bench, Mango Capital and Haystack. We’d love to share a bit about CloudQuery, our journey, and what the future holds for our open-source project and the community.

CloudQuery is the open-source cloud asset inventory powered by SQL, enabling developers to assess, audit, and monitor the configuration of their cloud assets.

· 3 min read

In Google Cloud Platform (GCP) it is common to have multiple projects for different environments (like dev, staging, prod, prod-team1, etc.). It is also a common use case to have one set of credentials (service account) to access multiple accounts. For example:

  • Auditing: one service account with read-only access to all projects
  • Multi-project access/communication: one service in one project might need to access or communicate with other services in different projects.

In this tutorial we will show you how to create one service account in GCP that can access multiple projects, either under the same organization/account or even in completely different accounts (for AWS users, this is GCP's equivalent of assume role).

· 8 min read

AWS SSO and AWS Organizations were released around 2017 and are probably the best way to manage AWS access at scale.

"AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It enables users to sign in to an AWS IAM user with their existing corporate credentials and access all of their assigned accounts and applications from one place." (Quote from the AWS SSO page)

This is a huge security and operational win. Some highlights:

  • No need to rotate another new password in AWS IAM
  • 2FA is already managed at your IdP (Google Workspace (G Suite)/Okta/AzureAD) level
  • When a user leaves the organization, their access is removed automatically
  • Easily automate the provisioning of AWS access when a user joins an organization or department

In this article, we will go through a step-by-step guide to set up AWS SSO with Google Workspace (previously G Suite) as an IdP. If you are using Google Workspace and use it as your central directory, this is the guide for you.