Skip to main content

Storage

Store the results of a cloudquery policy run invocation directly in the Postgres Database that holds the configuration data. This enables users to unlock more downstream workflows like monitoring security results in your favorite BI tool and alerting.

To enable storing the policy results:

  1. Use the --enable-db-persistence flag when invoking

    cloudquery policy run <policy-name> --enable-db-persistence
  2. Add a policy block to your existing cloudquery block in order to specify what to do with the policy results

    cloudquery {
    policy {
    db_persistence = true
    }
    }

Table Schema

All results are stored in the cloudquery schema within the postgres database.

Table: cloudquery.policy_executions

Holds information about the source of the policy and high level metrics about the execution run

Columns

NameTypeDescription
iduuidUnique identifier for policy run
timestamptimestampTimestamp at which the policy run began
schemetextURL scheme that defines from where the policy was loaded
locationtextFull path that defines from where the policy was loaded
policy_nametextName of the policy
selectortextUser defined path selector
sha256_hashtexthash of the policy to be able to compare multiple versions of the same policy
versiontextVersion identifier for the policy
checks_totalintNumber of checks that were run
checks_failedintNumber of checks that failed
checks_passedintNumber of checks that passed

Table: cloudquery.check_results

Holds information about the source of the policy and high level metrics about the execution run

Columns

NameTypeDescription
execution_iduuid(FK)
execution_timestamptimestampTimestamp at which the check run began
nametextName of check
selectortextPath that fully defines the check within a specific policy
descriptiontextDescription of the check
statustextFinal status of the check
raw_resultsjsonbRaw output of the results returned by the check
errortextAny errors that occurred during the execution of the check