When running a policy with
cloudquery policy run, you can choose from several options, including a remote policy (CloudQuery Hub or GitHub), or a local policy from your filesystem.
You can run policies from the official cloudquery hub by simply specifying their name:
cloudquery policy run aws # Also accepts: "gcp", "azure", "k8s"
Local path references allow for running local policies or while developing new policies.
cloudquery policy run "./path/to/policy/directory"
A local path can be supplied either with a full path or a relative path.
When specifying a local policy, you must specify the path to a directory.
This directory must contain a valid policy file named
See also the tutorial on custom policies.
CloudQuery will recognize prefixed github.com URLs and interpret them automatically as Git repository sources.
cloudquery policy run https://github.com/cloudquery-policies/aws
The above will clone the repository with HTTPS. To clone using SSH, use the following form: `[email protected]:cloudquery-policies/aws.git"
Generic Git Repository
Arbitrary Git repositories can be used by prefixing the address with the special
git:: prefix. After this prefix, any valid Git URL can be specified to select one of the protocols supported by Git.
For example, to use HTTPS or SSH:
cloudquery policy run git::https://github.com/cloudquery-policies/aws.git
Git repositories are cloned using the
git clone command, so it will respect any local Git credentials that were already set in your system. To access private Git repositories, configure your git with the suitable credentials for that repository.
Use SSH to access private Git repositories from automated systems because it allows access to private repositories without interactive prompts.
Selecting a Revision
By default, CloudQuery will clone the latest tagged version of the policy.
You can override this using the
@ query parameter.
The value of the
@ parameter can be any reference accepted by the
git checkout command, such as commit hash, tag name or branch.
cloudquery policy run "git::https://github.com/cloudquery-policies/aws.git?ref=v0.0.1"
cloudquery policy run "github.com/cloudquery-policies/aws.git?ref=96886a4"
cloudquery policy run "github.com/cloudquery-policies/[email protected]"