Azure CIS – Powerpipe

Introduction

Two weeks ago, I published a blog post about the product Turbot Pipes in the Cloud (SaaS). I hinted that something similar with potentially less functionality could also be possible locally on your own machine or server, especially if you’re not a big fan of SaaS solutions or need to adhere to company policies.

Today, I’m going to show you how to build a similar setup with Powerpipe on your own computer, so that you can, for example, check your tenant against CIS controls.

Prerequisites

The following prerequisites must be met in order to follow the tutorial:

Operating system

  • macOS
  • Linux
  • Windows with WSL 2.0 and Ubuntu 20.04.1 LTS

Database

  • Postgres
  • MySQL
  • SQLite
  • DuckDB

Microsoft Azure

  • Tenant access
  • App Registration

Installing Powerpipe

I’m installing Powerpipe on macOS. You can find instructions on how to install it on other operating systems like Linux or Windows with WSL 2.0 here: Install Powerpipe

  1. Install Powerpipe with macOS package manager Homebrew
    brew install turbot/tap/powerpipe
  2. Check installed version
    powerpipe -v
  3. Initialize Powerpipe and make it ready to use
    powerpipe mod init

Starting the Powerpipe Server

Since Powerpipe currently supports five different databases, there are accordingly four possible ways Powerpipe can be started as a server with the respective database.

Steampipe integrated database (Recommended)
    brew install turbot/tap/steampipe   # for macOS
    steampipe service start

Postgres
    powerpipe server --database 'postgres://myusername:<password>@<host>:9193/steampipe'

MySQL
    powerpipe server --database 'mysql://root:my_pass@tcp(localhost)/mysql'

SQLite
    powerpipe server --database 'sqlite:./my_sqlite_db.db'

DuckDB
    powerpipe server --database 'duckdb:./my_ducks.db'

Once the Powerpipe server has successfully started, the URL http://localhost:9033 can be opened in the browser. Initially, this will look very empty without any dashboards.

How to install the Azure CIS dashboard?

To use the Azure Compliance dashboard in your local Powerpipe the same way as in Turbot Pipes, a few additional installations are needed, such as Steampipe and the Azure Compliance dashboard.

  1. Install Steampipe with macOS package manager Homebrew
    brew install turbot/tap/steampipe
  2. Install Azure plugins for Steampipe
    steampipe plugin install azure
  3. Install mod/dashboard
    powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
  4. Store the Azure App Registration credentials for the connection in ~/.steampipe/config/azure.spc
    connection "azure" {
      plugin          = "azure"
      tenant_id       = "00000000-0000-0000-0000-000000000000"
      subscription_id = "00000000-0000-0000-0000-000000000000"
      client_id       = "00000000-0000-0000-0000-000000000000"
      client_secret   = "~dummy@3password"
    }
  5. Restart the Powerpipe server according to the description above.
  6. Open the Powerpipe Dashboard in the browser at http://localhost:9033
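
Step 4 leaves the App Registration's client secret in clear text on disk. The following is an added example, not code from the original post or from Turbot: it checks that the connection file is accessible only by its owner. The helper names `file_mode` and `check_spc_file`, the `SPC_FILE` variable and the script name `check_spc.sh` are assumptions made for this example.

```bash
#!/bin/sh
# Added example: audit the Steampipe connection file that stores client_secret.
# file_mode and check_spc_file are hypothetical helpers, not Steampipe/Powerpipe commands.

# Print a file's octal permission bits (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when the file is acceptable for holding a secret, 1 otherwise.
# Findings go to stdout, one per line.
check_spc_file() {
  spc_file="$1"
  spc_rc=0
  if [ ! -f "$spc_file" ]; then
    echo "missing: $spc_file"
    return 1
  fi
  spc_mode="$(file_mode "$spc_file")"
  if [ -z "$spc_mode" ]; then
    echo "cannot read permissions of $spc_file"
    return 1
  fi
  # Any group/other bit lets other local accounts read or replace the secret.
  if [ $(( 0$spc_mode & 077 )) -ne 0 ]; then
    echo "mode $spc_mode: group/other access, fix with: chmod 600 $spc_file"
    spc_rc=1
  fi
  # Informational: a literal secret lives here, so track it for rotation.
  if grep -Eq '^[[:space:]]*client_secret[[:space:]]*=' "$spc_file"; then
    echo "client_secret is stored in clear text in $spc_file"
  fi
  return "$spc_rc"
}

# Audit the path from step 4 only when SPC_FILE is set, e.g.
#   SPC_FILE="$HOME/.steampipe/config/azure.spc" sh check_spc.sh
if [ -n "${SPC_FILE:-}" ]; then
  check_spc_file "$SPC_FILE"
fi
```

A non-zero exit status means the file permissions need tightening before the Powerpipe server is restarted in step 5.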

Conclusion

Personally, I find Powerpipe in combination with Steampipe a good alternative to the SaaS solution Turbot Pipes. Depending on the use case, it can make sense to switch to the self-hosted solution, for example, for compliance reasons, if data is not allowed to leave certain data centers or locations.

Powerpipe/Steampipe offers many more dashboards, but they would go beyond the scope of this blog article. Feel free to check out the Powerpipe Hub, where you’ll find a wide variety of existing dashboards.

Source: Powerpipe | Dashboards for DevOps.
