Prepare the environment

No prep - PowerPipe is installed via an install script (it's just easier that way)

Updates

PowerPipe, and Modules are updated at container image start-up

Modules

All modules can be found in /opt/Powerpipe/ Review the specific documentation for each module for additional information

Runtime

PowerPipe replaces Steampipe but requires steampipe to be running.

cd /opt/Powerpipe
steampipe service start

List Benchmarks

powerpipe benchmark list

Filter for CIS Benchmarks example

powerpipe benchmark list | grep cis

Run Benchmark and save to PPS file (consumable by PowerPipe)

Note: Authentication is not handled by PowerPipe, authentication and subscription/account/project MUST be defined ahead of execution.

powerpipe benchmark run aws_compliance.benchmark.cis_v300 --output pps >[filename].pps

Run Benchmark and save to HTML file (Steampipe lok atm ick feel)

Note: Authentication is not handled by PowerPipe, authentication and subscription/account/project MUST be defined ahead of execution.

powerpipe benchmark run aws_compliance.benchmark.cis_v300 --output html >[filename].html

Run Benchmark and save to text file (with colour)

Note: Authentication is not handled by PowerPipe, authentication and subscription/account/project MUST be defined ahead of execution.

unbuffer powerpipe benchmark run aws_compliance.benchmark.cis_v300 --output txt >[filename].txt

Report Files

Report files will be generated in the current folder, move these to /output/ and then out of the container

Review Report files

Using PowerPipe dashboard

1. Excute the following command in the container powerpipe server
2. Navigate to http://localhost:9033/
3. Select "Open Snapshot" and select pps file exported earlier.