packages/dev-environment/config/cloudquery.yaml (47 lines of code) (raw):
kind: source
spec:
name: 'aws'
path: 'cloudquery/aws'
version: v${CQ_AWS}
destinations: ['postgresql']
tables:
- aws_lambda_functions
- aws_securityhub_findings
- aws_s3_buckets
- aws_ec2_images
- aws_organizations_accounts
- aws_organizations_account_parents
- aws_organizations_organizational_units
- aws_organizations_organizational_unit_parents
- aws_organizations_roots
skip_dependent_tables: true
spec:
regions:
- eu-west-1
- us-east-1
accounts:
- id: 'deployTools'
local_profile: 'deployTools'
table_options:
aws_securityhub_findings:
get_findings: # https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html
- filters: # https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StringFilter.html
record_state:
- comparison: 'EQUALS'
value: 'ACTIVE'
compliance_status:
- comparison: 'NOT_EQUALS'
value: 'PASSED'
workflow_status:
- comparison: 'NOT_EQUALS'
value: 'RESOLVED'
---
kind: destination
spec:
name: 'postgresql'
registry: 'github'
path: 'cloudquery/postgresql'
version: v${CQ_POSTGRES_DESTINATION}
# Automatically apply migrations whenever plugins are updated.
# Note: This is not encouraged if risk averse, so we should consider removing this once fully in production.
# See: https://www.cloudquery.io/docs/advanced-topics/managing-versions#managing-plugin-versions
migrate_mode: 'forced'
spec:
connection_string: ${DATABASE_URL}