Skip to main content


Does CloudQuery access any application data in my cloud?

No. CloudQuery only access meta-data and configuration data. It never pulls data from your application databases or cloud storage files.

What is "//"? How is it different from "/" and where should it go?

The // indicator is used when specifying a subpolicy/subquery for cloudquery policy run. It is an idiosyncrasy of the way the cloudquery CLI works - it separates the "path to the policy" from the "path to the subpolicy (in the policy)". It must always appear right after the root policy.

So, if the policy I'd like to run is ./my_policy, and I would like to run the old-stopped-ec2-instances query in the ec2 subpolicy, I would use:

cloudquery policy run ./my_policy//ec2/old-stopped-ec2-instances

It is worth mentioning here that the cloudquery CLI also supports running policies from our official github. The // separator serves the same function described above - separating the "path to the policy" from the "path inside the policy". In case of running policies from github, it helps the cloudquery CLI to know which repository to clone.

So, to run the foundational_security subpolicy in the aws policy, we run.

cloudquery policy run aws//foundational_security