Quick Start

Download & Install

You can download the precompiled binary from releases, or using CLI:

Pre-Compiled Binaries
Pre-Compiled Binaries

Download latest version:

export OS=Darwin # Possible values: Linux,Windows,Darwin
curl -L https://github.com/cloudquery/cloudquery/releases/latest/download/cloudquery_${OS}_x86_64 -o cloudquery
chmod a+x cloudquery

Download specific version:

export OS=Darwin # Possible values: Linux,Windows,Darwin
export VERSION= # specifiy a version
curl -L https://github.com/cloudquery/cloudquery/releases/download/${VERSION}/cloudquery_${OS}_x86_64 -o cloudquery
brew install cloudquery/tap/cloudquery
# After initial install you can upgrade the version via:
brew upgrade cloudquery

config.yml should be mounted so cloudquery can read it

# Dockers are hosted at github container registry https://github.com/orgs/cloudquery/packages/container/package/cloudquery
docker pull ghcr.io/cloudquery/cloudquery:latest
docker run -v /data:/data -it ghcr.io/cloudquery/cloudquery:latest --path /data/config.yml --dsn "host=localhost user=postgres password=pass DB.name=postgres port=5432"


Currently, we support: AWS, Azure, GCP, Okta. If you want us to add a new provider or resource please open an Issue.

First generate a config.hcl file that will describe which resources you want cloudquery to pull, normalize and transform resources to the specified SQL database by running the following command:

./cloudquery init aws
# ./cloudquery init gcp aws # This will generate a config containing gcp and aws providers
# ./cloudquery init --help # Show all possible auto generated configs and flags

Once your config.hcl is generated run the following command to fetch the resources (you need to be authenticated - see relevant section under each provider):

./cloudquery fetch
# ./cloudquery fetch --help # Show all possible fetch flags

Once your provider has fetched resources you can run the following example queries

List ec2_images:

SELECT * FROM aws_ec2_images;

Find all public facing AWS load balancers:

SELECT * FROM aws_elbv2_load_balancers WHERE scheme = 'internet-facing';

Running policy packs

CloudQuery comes with some ready compliance policy pack which you can use as is or modify to fit your use-case.

Currently, cloudquery support AWS CIS policy pack (it is under active development, so it doesn't cover the whole spec yet).

To run a pack enter the following commands (make sure you fetched all the resources beforehand by the fetch command):

./cloudquery policy --path=<PATH_TO_POLICY_FILE> --output=<PATH_TO_OUTPUT_POLICY_RESULT>