Quick Start

Download & Install

You can download the precompiled binary from releases, or using CLI:

Pre-Compiled Binaries
Pre-Compiled Binaries

Download latest version:

export OS=Darwin # Possible values: Linux,Windows,Darwin
curl -L https://github.com/cloudquery/cloudquery/releases/latest/download/cloudquery_${OS}_x86_64 -o cloudquery
chmod a+x cloudquery

Download specific version:

export OS=Darwin # Possible values: Linux,Windows,Darwin
export VERSION= # specifiy a version
curl -L https://github.com/cloudquery/cloudquery/releases/download/${VERSION}/cloudquery_${OS}_x86_64 -o cloudquery
brew install cloudquery/tap/cloudquery
# After initial install you can upgrade the version via:
brew upgrade cloudquery

config.yml should be mounted so cloudquery can read it

# Dockers are hosted at github container registry https://github.com/orgs/cloudquery/packages/container/package/cloudquery
docker pull ghcr.io/cloudquery/cloudquery:latest
docker run -v /data:/data -it ghcr.io/cloudquery/cloudquery:latest --path /data/config.yml --dsn "host=localhost user=postgres password=pass DB.name=postgres port=5432"


Currently, we support: AWS, Azure, GCP, Okta. If you want us to add a new provider or resource please open an Issue.

First generate a config.yml file that will describe which resources you want cloudquery to pull, normalize and transform resources to the specified SQL database by running the following command:

./cloudquery gen config aws
# ./cloudquery gen config gcp okta # This will generate a config containing gcp and okta providers
# ./cloudquery gen config --help # Show all possible auto generated configs and flags

Once your config.yml is generated run the following command to fetch the resources (you need to be authenticated - see relevant section under each provider):

./cloudquery fetch
# ./cloudquery fetch --help # Show all possible fetch flags

If you used the default sqlite provider you can run the following example queries

List ec2_images:

SELECT * FROM aws_ec2_images;

Find all public facing AWS load balancers:

SELECT * FROM aws_elbv2_load_balancers WHERE scheme = 'internet-facing';

Running policy packs

cloudquery comes with some ready compliance policy pack which you can use as is or modify to fit your use-case.

Currently, cloudquery support AWS CIS policy pack (it is under active development, so it doesn't cover the whole spec yet).

To run AWS CIS pack enter the following commands (make sure you fetched all the resources beforehand by the fetch command):

./cloudquery gen policy aws_cis
./cloudquery query