DEV Community

bob-bot for AWS Community Builders

Posted on

Instantly query AWS with SQL in CloudShell

AWS CloudShell makes it easy to spin up a terminal right in your AWS account. CloudShell comes preinstalled with the AWS CLI and your credentials within the applicable account. Since CloudShell is just like any other terminal, you have the ability to bootstrap other tools without the need to spin up an instance. I personally find CloudShell useful for ad hoc actions I need to take in AWS CLI or with other open source tools.

As a lead on our open source tool, I am a heavy user of the Steampipe CLI often running Steampipe on my local machine to run aggregated queries & reports across an AWS multi-account environment and other cloud accounts. When I am working with clients in their AWS accounts, I find it easy to work within their account structure vs setting up a local profile. In this case I find AWS CloudShell a quick win for being a guest in another account to bootstrap my tools in a temporary environment under their control.

In this post will walk through how to install Steampipe in your AWS CloudShell.

Steampipe Background

With Steampipe, you can instantly query your AWS APIs using SQL right in your terminal.


| title           | create_date         | mfa_enabled |
| pam_beesly      | 2005-03-24 21:30:00 | false       |
| creed_bratton   | 2005-03-24 21:30:00 | true        |
| stanley_hudson  | 2005-03-24 21:30:00 | false       |
| michael_scott   | 2005-03-24 21:30:00 | false       |
| dwight_schrute  | 2005-03-24 21:30:00 | true        |
Enter fullscreen mode Exit fullscreen mode

It takes just a few seconds to install Steampipe itself, along with the AWS plugin that maps AWS API calls to Postgres tables.

Steampipe will resolve your region and credentials using the same mechanism as the AWS CLI (AWS environment variables, default profile, etc). Note: more can be extended for querying multiple accounts, regions, configuring credentials from your AWS Profiles, SSO, aws-vault etc.

AWS CloudShell + Steampipe

Alternatively you can use CloudShell to install Steampipe directly in your AWS Account. With CloudShell your credentials you use to sign into the AWS console are already forwarded to CloudShell. Since Steampipe will default to your local AWS credentials, from a cold start, you're querying AWS APIs with SQL in a matter of seconds.

Install Steampipe in CloudShell

Go to your AWS CloudShell, install Steampipe:

$ sudo /bin/sh -c "$(curl -fsSL"
Applying necessary permissions
Steampipe was installed successfully to /usr/local/bin/steampipe
Enter fullscreen mode Exit fullscreen mode

Install the AWS plugin

Now with Steampipe installed, you can install the AWS plugin:

$ steampipe plugin install aws

Installed plugin: aws v0.57.0
Enter fullscreen mode Exit fullscreen mode

Run a SQL query!

Now you are ready to run a SQL query. Since CloudShell already has the credentials in place, you can simply get started:

$ steampipe query
Welcome to Steampipe v0.13.6
For more information, type .help
> select * from aws_s3_bucket
| name                                 |
| jon-turbot-test-bucket-01            |
| cf-templates-1s5tzrjxv4j52-us-west-1 |
Enter fullscreen mode Exit fullscreen mode

CloudShell takes full advantage of the Steampipe CLI components so you can inspect tables, configure environment variables, visualize syntax highlighting, select autofill suggestions, etc.

Image description

Final Thoughts

I enjoy using AWS CloudShell for ad hoc actions with AWS CLI and Steampipe within a specific AWS Account. Interested to learn from others on how you use CloudShell in your environment; what are your use cases and how often do you use CloudShell?

Top comments (0)