Skip to main content

Getting Started with GCP

Download and Install

You can download the precompiled binary from releases, or using CLI:

curl -L https://github.com/cloudquery/cloudquery/releases/latest/download/cloudquery_linux_x86_64 -o cloudquery
chmod a+x cloudquery

Running

Init command

After installing CloudQuery, you need to generate a cloudquery.yml file that will describe which cloud provider you want to use and which resources you want CloudQuery to ETL:

cloudquery init gcp

# cloudquery init gcp aws # This will generate a config containing gcp and aws providers
# cloudquery init --help # Show all possible auto generated configs and flags

All official and approved community providers are listed at CloudQuery Hub with their respective documentation.

Spawn or connect to a Database

CloudQuery needs a PostgreSQL database (>=10). You can either spawn a local one (usually good for development and local testing) or connect to an existing one.

By default, cloudquery will try to connect to the database postgres on localhost:5432 with username postgres and password pass. After installing docker, you can create such a local postgres instance with:

docker run --name cloudquery_postgres -p 5432:5432 -e POSTGRES_PASSWORD=pass -d postgres

If you are running postgres at a different location or with different credentials, you need to edit cloudquery.yml - see the Connect to an Existing Database tab.

Authenticate with GCP

CloudQuery needs to be authenticated with your GCP account in order to fetch information about your cloud setup.

info

CloudQuery requires only read permissions (we will never make any changes to your cloud setup), so, following the principle of least privilege, it's recommended to grant it read-only permissions.

You need to set the GOOGLE_APPLICATION_CREDENTIALS environment variable - see GCP documentation for more details on where to get it.

export GOOGLE_APPLICATION_CREDENTIALS={Path to your google credentials}

Fetch Command

Once cloudquery.yml is generated and you are authenticated with GCP, run the following command to fetch the resources.

cloudquery fetch
# cloudquery fetch --help # Show all possible fetch flags

Exploring and Running Queries

Once CloudQuery fetched the resources, you can explore your cloud infrastructure with SQL!

You can use psql to connect to your postgres instance (of course, you need to change the connection-string to match the location and credentials of your database):

psql "postgres://postgres:[email protected]:5432/postgres?sslmode=disable"

Schema and tables for GCP are available in CloudQuery Hub.

Here is an example query for GCP:

Find all buckets Without uniform bucket level access

SELECT project_id, name, self_link AS link
FROM gcp_storage_buckets
WHERE iam_configuration_uniform_bucket_level_access_enabled = FALSE;

Policy Command

CloudQuery Policies allow users to write security, governance, cost, and compliance rules, using SQL as the query layer and HCL as the logical layer.

All official and approved community policies are listed on CloudQuery Hub.

Execute a policy

All official policies are hosted at https://github.com/cloudquery-policies.

cloudquery policy run gcp//cis_v1.2.0

Next Steps

At Cloudquery Hub, you can read more about the CloudQuery GCP provider - including exploring the SQL schema, and advanced configurations.