{"id":13533397,"url":"https://github.com/cloudgraphdev/cli","last_synced_at":"2025-04-01T21:32:21.188Z","repository":{"id":37631783,"uuid":"399247369","full_name":"cloudgraphdev/cli","owner":"cloudgraphdev","description":"The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.","archived":false,"fork":false,"pushed_at":"2023-11-13T03:49:02.000Z","size":57808,"stargazers_count":889,"open_issues_count":7,"forks_count":40,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-03-07T15:40:48.493Z","etag":null,"topics":["aws","azure","cis","cloud","cspm","developer-tools","devops","devops-tools","gcp","graphql","iso","kubernetes","nist","pci","security","security-audit","security-tools","tencent"],"latest_commit_sha":null,"homepage":"https://www.cloudgraph.dev/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudgraphdev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-23T21:04:18.000Z","updated_at":"2025-02-18T06:09:01.000Z","dependencies_parsed_at":"2023-01-29T00:31:28.668Z","dependency_job_id":"9a21f202-b093-44ad-8079-1f58e222bfb2","html_url":"https://github.com/cloudgraphdev/cli","commit_stats":{"total_commits":556,"total_committers":14,"mean_commits":"39.714285714285715","dds":0.7482014388489209,"last_synced_commit":"03f682c24e6154020020a5888fb06e082be30c84"},"previous_names":[],"tags_count":179,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudgraphdev%2Fcli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudgraphdev%2Fcli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudgraphdev%2Fcli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudgraphdev%2Fcli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudgraphdev","download_url":"https://codeload.github.com/cloudgraphdev/cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246713366,"owners_count":20821877,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","cis","cloud","cspm","developer-tools","devops","devops-tools","gcp","graphql","iso","kubernetes","nist","pci","security","security-audit","security-tools","tencent"],"created_at":"2024-08-01T07:01:19.456Z","updated_at":"2025-04-01T21:32:16.173Z","avatar_url":"https://github.com/cloudgraphdev.png","language":"TypeScript","readme":"\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/logo.png\"\u003e\n    \u003cimg alt=\"CloudGraph\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/logo.png\" width=\"75%\" style=\"display: block; margin: auto\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\u003cbr /\u003e\n\nCloudGraph is the free open-source universal **GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s**. With CloudGraph you get:\n\n- Free and effortless _compliance checks_ (i.e. Azure CIS 1.3.1, GCP CIS 1.2, AWS CIS 1.2, AWS CIS 1.3, AWS CIS 1.4, AWS PCI 3.2.1, AWS NIST 800-53 Rev. 4)\n- _Type-Safe asset inventories_ for all of your resources in all of your cloud environments\n- Automatically generated documentation and query validation - know if your query is valid before you send it!\n- Full resource data including _relationships_ between resources so you can understand context\n- Historical snapshots of your data over time\n- A single endpoint to query all of your cloud data at once (i.e. get AWS + GCP data in the same query, or compare AWS stage with AWS prod)\n- Enhanced billing data (AWS only)\n- Enhanced CloudWatch data (AWS EC2 only)\n\nCloud Graph lets you **Know your cloud** in 5 minutes. Built and maintained with love by the team at ❤️ [AutoCloud](https://www.autocloud.dev/) ❤️\n\n\u003cbr /\u003e\n\n🌐 [Website](https://www.cloudgraph.dev)\n\n💻 [Documentation](https://docs.cloudgraph.dev)\n\n💰 [Get paid to build CloudGraph providers](https://github.com/cloudgraphdev/cli/blob/main/CONTRIBUTING.md)\n\n\u003cbr /\u003e\n\n[![oclif](https://img.shields.io/badge/cli-oclif-brightgreen.svg)](https://oclif.io)\n[![Version](https://img.shields.io/npm/v/@cloudgraph/cli.svg)](https://npmjs.org/package/@cloudgraph/cli)\n![node-current](https://img.shields.io/node/v/@cloudgraph/cli)\n[![Downloads/week](https://img.shields.io/npm/dw/@cloudgraph/cli.svg)](https://npmjs.org/package/@cloudgraph/cli)\n[![License](https://img.shields.io/npm/l/@cloudgraph/cli.svg)](https://github.com/cloudgraphdev/cli/blob/main/package.json)\n![GitHub commit activity](https://img.shields.io/github/commit-activity/y/cloudgraphdev/cli)\n![GitHub contributors](https://img.shields.io/github/contributors/cloudgraphdev/cli)\n![GitHub issues](https://img.shields.io/github/issues/cloudgraphdev/cli)\n\n\u003cbr /\u003e\n\n\u003ch2 align=\"center\"\u003eJoin the conversation\u003c/h2\u003e\n\n[![Slack](https://img.shields.io/badge/slack-chat-E01563)](https://cloudgraph-workspace.slack.com)\n[![Tweet](https://img.shields.io/twitter/url?style=social\u0026url=https%3A%2F%2Fgithub.com%2Fcloudgraphdev%2Fcli)\n](https://twitter.com/share?ref_src=twsrc%5Etfw\u0026text=Check%20out%20CloudGraph.%20The%20GraphQL%20api%20for%20AWS,%20Azure,%20GCP,%20and%20more!)\n![Twitter Follow](https://img.shields.io/twitter/follow/AutoCloudDev?style=social)\n\n\u003c!-- toc --\u003e\n* [Amazing companies using CloudGraph\\*\\*](#amazing-companies-using-cloudgraph)\n* [Why CloudGraph](#why-cloudgraph)\n* [How It Works](#how-it-works)\n* [Authentication and Permissions](#authentication-and-permissions)\n* [Install](#install)\n* [Quick Start](#quick-start)\n* [Loading Previous Versions](#loading-previous-versions)\n* [Supported Services](#supported-services)\n* [Example Queries](#example-queries)\n* [Query Tools](#query-tools)\n* [Community](#community)\n* [Contribution Guidelines](#contribution-guidelines)\n* [Deployment Options](#deployment-options)\n* [Hosted Version](#hosted-version)\n* [Debugging](#debugging)\n* [Common Errors](#common-errors)\n* [Commands](#commands)\n\u003c!-- tocstop --\u003e\n\n\u003cbr /\u003e\n\n# Amazing companies using CloudGraph\\*\\*\n\n- [AWS](https://aws.amazon.com/)\n- [Microsoft](https://www.microsoft.com/)\n- [Oracle](https://www.oracle.com/index.html)\n- [IBM](https://www.ibm.com/us-en/)\n- [NASA](https://www.nasa.gov/)\n- [Grafana](https://grafana.com/)\n- [Pinterest](https://www.pinterest.com/)\n- [Zendesk](https://www.zendesk.com/)\n- [McKinsey](https://www.mckinsey.com/)\n- [Pulumi](https://www.pulumi.com/)\n- [Siemens](https://www.siemens.com/)\n- [MasterCard](https://www.mastercard.us/en-us.html)\n\n\\*\\* usage does not imply endorsement\n\n# Why CloudGraph\n\nAWS, Azure, and GPC have done a wonderful job of building solutions that let engineers like us create systems to power our increasingly interconnected world. Over the last 15 years, products such as EC2, S3, RDS, and Lambda have fundamentally changed how we think about computing, storage, and databasing.\n\n\u003cbr /\u003e\n\nWith the proliferation of Kubernetes and Serverless in the last 5 or so years, cloud services have become increasingly abstract on top of racks of physical servers. To end-users, everything on the cloud is just an API, so we don't necessarily need to know how Lambda Functions or EKS work under the hood to be able to use them for building applications. With a little documentation, API or console access, and a tutorial anyone can pretty much create anything they need.\n\n\u003cbr /\u003e\n\nThese abstractions have led to massive improvements in the overall convenience and breadth of CSP service offerings. What was once a painstaking, time-consuming, and error-prone process of provisioning new servers, databases, or filesystems can now be done in seconds with just the click of a button or deployment of IAC. Since everything is just an API abstraction, when a CAP is ready to introduce a new \"product\" they simply need to expose a new API - yes, I'm of course simplifying slightly :)\n\n\u003cbr /\u003e\n\nAnyone familiar with the CSPs knows that service APIs are almost always split into modular namespaces that contain dozens, if not hundreds, of separate API methods for single resources. For example, the AWS EC2 service contains over 500 different API methods, with new ones added occasionally. Any company building substantial systems on a CSP is likely using many, many different services.\n\n\u003cbr /\u003e\n\nWhile a masterpiece of datacenter architecture, this choice of hundreds of services and configuration options put the burden of knowledge on how to properly use these services squarely on us engineers. As a result, we find ourselves having to constantly stay up to date and learn about all the service offerings or new changes. This takes a significant amount of time and mental energy. As developers, it can be difficult, time-consuming, and frustrating to use the AWS CLI to make 5 different API calls to describe, as an example, an AWS ECS cluster, its services, task definitions, tasks, container definitions, etc. We often find ourselves lost in documentation and having to use half a dozen of APIs to get answers to questions like \"What exactly is running in this VPC?\"\n\n\u003cbr /\u003e\n\nThis means that AWS, Azure, and GCP can feel overwhelming quickly even to seasoned cloud architects. While the CSPs are fantastic at building the actual services that power our businesses, not a lot of headway has been into simplifying the day-to-day UX of querying these hundreds of services in a sane manner.\n\n\u003cbr /\u003e\n\nNew solutions like the Cloud Control API for AWS have attempted to create a standardized interface for querying many different types of AWS resources. Unfortunately, the Cloud Control API's usage is severely limited, and users still need to know how to correctly query their data. This means more time spent reading documentation and understanding how services work and are related to one another.\n\n\u003cbr /\u003e\n\nWhile the modularity of the CSP APIs is a great logical organization system and does make sense, it's a burden on end-users in terms of the cognitive overhead and learning curve. Having to remember how hundreds of constantly changing services work and are connected leads to a caffeine addiction and time wasted playing detective.\n\n\u003cbr /\u003e\n\nWouldn't it be great if we as DevOps/Cloud engineers had a simpler way to get our data out of AWS, Azure, GCP and the others? One that reflected our need to easily query any data about any service in any account without having to spend hours on docs or stack overflow?\n\n\u003cbr /\u003e\n\nIt is for these reasons that we built CloudGraph, the GraphQL API for everything cloud. CloudGraph extracts, normalizes, processes, and enriches your cloud data allowing you to access deep insights across multiple providers effortlessly. Check out our blog post [The GraphQL API for everything](https://www.autocloud.dev/blog/the-graphql-api-for-all-clouds) to learn more.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/exampleQueries.gif\"\u003e\n    \u003cimg alt=\"example queries\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/exampleQueries.gif\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\n# How It Works\n\nNote that CloudGraph requires **READ ONLY** permissions to run and as such can **never** mutate your actual cloud infrastructure. Additionally, none of your cloud environment information is ever sent to or shared with CloudGraph, AutoCloud, or any other third parties.\n\n\u003cbr /\u003e\n\nUnder the hood, CloudGraph reaches out to your cloud provider(s), sucks up all of the configuration data, processes it, and stores a copy of this data for you in [Dgraph](https://dgraph.io/). It then exposes an endpoint at `http://localhost:8997` that allows you to write GraphQL Queries against your stored data. These queries not only allow you do to anything that you would do with say, the AWS SDK/CLI, but they also allow you to run much more powerful queries as well. CloudGraph ships with pre-packaged GraphQL query tools including [GraphQL Playground](https://github.com/graphql/graphql-playground) and [Altair](https://github.com/altair-viz/altair) but you can also feel free to use your own. It also includes a schema visualization tool called [Voyager](https://github.com/APIs-guru/graphql-voyager) so you can understand relationships between entities.\n\n\u003cbr /\u003e\n\n# Authentication and Permissions\n\nCloudGraph currently supports AWS, Azure, GCP, K8s, and Tencent (several others coming soon). CloudGraph needs read permissions in order to ingest your data. To keep things easy you can use the same permissions that we use internally when we run CloudGraph to power AutoCloud. Here are the auth guides and details for how to generate credentials for each provider (feel free to leave out AutoCloud specific configuration):\n\n\u003cbr /\u003e\n\n- [AWS Docs](https://docs.autocloud.dev/aws-account)\n- [Azure Docs](https://docs.autocloud.dev/azure-subscription)\n- [GCP Docs](https://docs.autocloud.dev/gcp-project)\n- [K8s Docs](https://github.com/cloudgraphdev/cloudgraph-provider-kubernetes)\n- [Tencent Docs](https://github.com/cloudgraphdev/cloudgraph-provider-tencent)\n\n\u003cbr /\u003e\n\n# Install\n\n\u003c!-- install --\u003e\n\n**System Requirements**\n\n- Docker\n\nThere are 2 ways to install the CloudGraph CLI\n\n### Homebrew (Recommended)\n\nYou can install CloudGraph using homebrew with the following command:\n`brew install cloudgraphdev/tap/cg`\n\n### NPM\n\n- Requires Node 16+\n\nUse this command to install and update CloudGraph to the latest version.\n\n```bash\nnpm i -g @cloudgraph/cli\n```\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/install.gif\"\u003e\n    \u003cimg alt=\"install\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/install.gif\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr/\u003e\n\nYou can then add the providers you want (links to provider repos: [AWS](https://github.com/cloudgraphdev/cloudgraph-provider-aws), [Azure](https://github.com/cloudgraphdev/cloudgraph-provider-azure), [GCP](https://github.com/cloudgraphdev/cloudgraph-provider-gcp), [K8s](https://github.com/cloudgraphdev/cloudgraph-provider-k8s), [Tencent Docs](https://github.com/cloudgraphdev/cloudgraph-provider-tencent)):\n\n```bash\ncg init aws\ncg init azure\ncg init gcp\ncg init k8s\ncg init tencent\n```\n\nYou can also add as many as you want all at once\n\n```bash\ncg init aws azure gcp k8s tencent\n```\n\nAnd add in compliance policy packs to supplement your data with instant security insights:\n\n```bash\ncg policy add gcp-cis-1.2.0\ncg policy add azure-cis-1.3.1\ncg policy add aws-cis-1.2.0\ncg policy add aws-cis-1.3.0\ncg policy add aws-cis-1.2.0\ncg policy add aws-pci-dss-3.2.1\ncg policy add aws-nist-800-53-rev4\n```\n\nYou can find a list of currently supported policy packs in the [Policy Packs repo](https://github.com/cloudgraphdev/cloudgraph-policy-packs)\n\n\u003c!-- installstop --\u003e\n\n\u003cbr /\u003e\n\n# Quick Start\n\nYou can get up and running with three simple commands:\n\n\u003cbr /\u003e\n\n\u003c!-- quickstart --\u003e\n\n```bash\ncg init\n```\n\n1. This initializes CloudGraph's configuration. This command will ask you a series of questions about what providers you are using and how you would like CloudGraph configured.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/init.gif\"\u003e\n    \u003cimg alt=\"init\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/init.gif\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr/\u003e\n\n---\n\n\u003cbr/\u003e\n\n```bash\ncg launch\n```\n\n\u003cbr/\u003e\n\n2. This command launches an instance of [Dgraph](https://dgraph.io/), the graphdb CloudGraph uses to store data under the hood. Note that there are 2 ways to launch an instance. **BOTH** of these require [Docker](https://www.docker.com/) to be installed and running. The preferred solution is to use our `cg launch` convenience command.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/launch.gif\"\u003e\n    \u003cimg alt=\"launch\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/launch.gif\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nNote that if you do not want to use this command, for example, if you want to launch the Dgraph container in interactive mode, you can use the docker command below.\n\n```bash\n  docker run -it -p 8995:5080 -p 8996:6080 -p 8997:8080 -p 8998:9080 -p 8999:8000\n  --label cloudgraph-cli-dgraph-standalone -v ~/dgraph:/dgraph --name dgraph dgraph/standalone:v21.03.1\n```\n\n---\n\n\u003cbr/\u003e\n\n```bash\ncg scan\n```\n\n\u003cbr/\u003e\n\n3. Scan for cloud infrastructure for all configured providers. This command will reach out and read all of the metadata on your cloud infrastructure. Note that it is **completely normal** to see warnings and errors while the `cg scan` command runs, these are usually caused by permissions issues. That said, if you encounter any problematic errors running CloudGraph you can prepend `CG_DEBUG=5` to the beginning of your command as in, `CG_DEBUG=5 cg scan`. This will print out the verbose logs with more information and save the output to `cg-debug.log`. Please share your logs with us either by opening an [issue on GitHub](https://github.com/cloudgraphdev/cli/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) or let us know in our [Slack Workspace](https://join.slack.com/t/cloudgraph-workspace/shared_invite/zt-ytjemoz7-yKWwElynDp1eHAAB55sbpg).\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/scan.gif\"\u003e\n    \u003cimg alt=\"scan\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/scan.gif\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nThat's it, you are all set to start querying! The query tool you selected during the `cg init` command will then be opened in your preferred browser to run queries, mutations, and visualizations on all of your cloud infrastructure! Note that if you installed any policy packs, such as AWS CIS 1.2, policy pack insight data will be automatically added to your cloud data!\n\n\u003cbr/\u003e\n\nNote that you may also use **any** GraphQL query tool you would like by connecting it to http://localhost:8997/graphql.\n\n\u003c!-- quickstartstop --\u003e\n\n\u003cbr /\u003e\n\n## Stopping the Dgraph instance\n\n\u003cbr /\u003e\n\nTo stop the Dgraph instance(stop the dgraph container) run:\n\n\u003cbr /\u003e\n\n```bash\ncg teardown\n```\n\n\u003cbr /\u003e\n\nAdditionally if you wish to remove the container after stopping it, run:\n\n\u003cbr /\u003e\n\n```bash\ncg teardown --delete-image\n```\n\n\u003cbr /\u003e\n\n# Loading Previous Versions\n\n\u003cbr /\u003e\n\nCloudGraph stores as many previous versions of your data as you configured in the `cg init` command. In order to load and query a previous version of your data simply run the `cg load` command and select the version of your data you wish to inspect like so:\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/load.png\"\u003e\n    \u003cimg alt=\"load\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/load.png\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\n# Supported Services\n\n\u003cbr /\u003e\n\nYou can find the list of services currently supported for each provider in the following provider repos:\n\n[AWS Provider Repo](https://github.com/cloudgraphdev/cloudgraph-provider-aws)\n\n[Azure Provider Repo](https://github.com/cloudgraphdev/cloudgraph-provider-azure)\n\n[GCP Provider Repo](https://github.com/cloudgraphdev/cloudgraph-provider-gcp)\n\n[K8s Provider Repo](https://github.com/cloudgraphdev/cloudgraph-provider-k8s)\n\n\u003cbr /\u003e\n\n\u003c!-- examplesqueries --\u003e\n\n# Example Queries\n\nLink to full documentation: https://docs.cloudgraph.dev/overview.\n\nTo use CloudGraph, you will need to be familiar with [GraphQL](https://graphql.org/). This section contains a handful of example queries to get you up and running but is by no means exhaustive. If you can dream it up, you can query it! Note that you can find **hundreds** of additional example queries in the [documentation](https://docs.cloudgraph.dev/overview).\n\n\u003cbr /\u003e\n\n## Basic Query Syntax Examples:\n\n_Note: this section will focus on AWS, but the same ideas apply other provider like Azure and GCP_\n\nTo explain how CloudGraph works consider the following query that you can run to get the `ID` and `ARN` of a single `EC2 instance`. Note that for the purposes of these examples we will just request the `IDs` and `ARNs` of AWS resources to keep things terse, but you can query whatever attributes you want:\n\n\u003cbr /\u003e\n\n```graphql\nquery {\n  getawsEc2(\n    arn: \"arn:aws:ec2:us-east-1:123445678997:instance/i-12345567889012234\"\n  ) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nThis query will return a `JSON` payload that looks like this. All of the following examples will follow suit:\n\n\u003cbr /\u003e\n\n```json\n{\n  \"data\": {\n    \"getawsEc2\": {\n      \"id\": \"i-12345567889012234\",\n      \"arn\": \"arn:aws:ec2:us-east-1:123445678997:instance/i-12345567889012234\"\n    }\n  },\n  \"extensions\": {\n    \"touched_uids\": 4\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet the `ID` and `ARN` of each `EC2` in **all** the AWS accounts you have scanned:\n\n```graphql\nquery {\n  queryawsEc2 {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet the `ID` and `ARN` of all `EC2` instances in **one** of your AWS accounts by filtering the accountId:\n\n```graphql\nquery {\n  queryawsEc2(filter: { accountId: { eq: \"123456\" } }) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet the `ID` and `ARN` of each `EC2` in `\"us-east-1\"` using a regex to search the `ARN`:\n\n```graphql\nquery {\n  queryawsEc2(filter: { arn: { regexp: \"/.*us-east-1.*/\" } }) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing but checking to see that the `region` is equal to `\"us-east-1\"` instead of using a regex:\n\n```graphql\nquery {\n  queryawsEc2(filter: { region: { eq: \"us-east-1\" } }) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing but checking to see that the `region` contains `\"us-east-1\"` in the name instead of using eq:\n\n```graphql\nquery {\n  queryawsEc2(filter: { region: { in: \"us-east-1\" } }) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet the `ID` and `ARN` of each `M5` series `EC2 instance` in `\"us-east-1\"`\n\n```graphql\nquery {\n  queryawsEc2(\n    filter: { region: { eq: \"us-east-1\" }, instanceType: { regexp: \"/^m5a*/\" } }\n  ) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing but skip the first found result (i.e. `offset: 1`) and then only return the first two results after that (i.e. `first: 2`) and order those results by AZ in ascending order (`order: { asc: availabilityZone }`) so that instance(s) in `\"us-east-1a\"` are returned at the top of the list.\n\n```graphql\nquery {\n  queryawsEc2(\n    filter: { region: { eq: \"us-east-1\" }, instanceType: { regexp: \"/^m5a*/\" } }\n    order: { asc: availabilityZone }\n    first: 2\n    offset: 1\n  ) {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing but also include the `EBS Volume` that is the boot disk for each `EC2 instance`:\n\n```graphql\nquery {\n  queryawsEc2(\n    filter: { region: { eq: \"us-east-1\" }, instanceType: { regexp: \"/^m5a*/\" } }\n    order: { asc: availabilityZone }\n    first: 2\n    offset: 1\n  ) {\n    id\n    arn\n    ebs(filter: { isBootDisk: true }, first: 1) {\n      id\n      arn\n      isBootDisk\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing, but also include the `SGs` and `ALBs` for each `EC2`. For the `ALBs`, get the `EC2s` that they are connected to along with the `ID` and `ARN` of each found `EC2 instance` (i.e. a circular query).\n\n```graphql\nquery {\n  queryawsEc2(\n    filter: { region: { eq: \"us-east-1\" }, instanceType: { regexp: \"/^m5a*/\" } }\n    order: { asc: availabilityZone }\n    first: 2\n    offset: 1\n  ) {\n    id\n    arn\n    ebs(filter: { isBootDisk: true }, first: 1) {\n      id\n      arn\n      isBootDisk\n    }\n    securityGroups {\n      id\n      arn\n    }\n    alb {\n      id\n      arn\n      ec2Instance {\n        id\n        arn\n      }\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet each `VPC`, the `ALBs` and `Lambdas` in that `VPC`, and then a bunch of nested sub-data as well. Also get each `S3 Bucket` in `us-east-1`. Also get the `SQS` queue with an `ARN` of `arn:aws:sqs:us-east-1:8499274828484:autocloud.fifo` and check the `approximateNumberOfMessages`. You get the idea, CloudGraph is **extremely** powerful.\n\n```graphql\nquery {\n  queryawsVpc {\n    id\n    arn\n    alb {\n      id\n      arn\n      ec2Instance {\n        id\n        arn\n        ebs(filter: { isBootDisk: true }) {\n          id\n          arn\n        }\n      }\n    }\n    lambda {\n      id\n      arn\n      kms {\n        id\n        arn\n      }\n    }\n  }\n  queryawsS3(filter: { region: { eq: \"us-east-1\" } }) {\n    id\n    arn\n  }\n  getawsSqs(arn: \"arn:aws:sqs:us-east-1:8499274828484:autocloud.fifo\") {\n    approximateNumberOfMessages\n  }\n}\n```\n\n\u003cbr /\u003e\n\n## AWS security, compliance, and governance examples:\n\nCloudGraph Policy Packs guarantee compliance across existing infrastructure for a given cloud provider. Packs are based on sets of rules/benchmarks provided by security organizations like the Center for Internet Security with the objective of keeping your infrastructure up-to-date with industry security standards. Once you have added a policy pack using the `cg policy add` command (i.e. `cg policy add aws-cis-1.2.0`) each time you run a scan CloudGraph will _automatically_ execute your configured policies. Those results will be stored at Dgraph and linked to your existing resources, making it easy to query your compliance results alongside your resources.\n\nFor more information on currently available policy packs please visit our [Policy Packs repo](https://github.com/cloudgraphdev/cloudgraph-policy-packs)\n\n\u003cbr /\u003e\n\nUse the CloudGraph Policy Pack for AWS CIS 1.2 to query all of your CIS findings for all of your AWS Accounts:\n\n```graphql\nquery {\n  queryawsCISFindings {\n    id\n    resourceId\n    result\n    rule {\n      id\n      description\n      severity\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nIf you want to query several different compliance findings for a given provider like AWS at once, you can request them like this:\n\n```graphql\nquery {\n  queryawsFindings {\n    CISFindings {\n      id\n      resourceId\n      result\n      rule {\n        id\n        description\n        severity\n      }\n    }\n    AutoCloudFindings {\n      id\n      resourceId\n      result\n      rule {\n        id\n        description\n        severity\n      }\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFor each CIS rule, get the resources that the rule is associated with, in this case we are quering IAM user's data to see which pass and fail:\n\n```graphql\nquery {\n  queryawsCISFindings {\n    id\n    resourceId\n    result\n    rule {\n      id\n      description\n      severity\n    }\n    iamUser {\n      id\n      arn\n      name\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nIf you wanted to understand the CIS rules that apply to a particular IAM User you could use the following query:\n\n```graphql\nquery {\n  getawsIamUser(id: \"123456789\") {\n    name\n    CISFindings {\n      id\n      resourceId\n      result\n      rule {\n        id\n        description\n        severity\n      }\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nEven if you don't have any policy packs installed, you can still write powerful security queries like this to find all the unencrypted `EBS Volumes`:\n\n```graphql\nquery {\n  queryawsEbs(filter: { encrypted: false }) {\n    id\n    arn\n    availabilityZone\n    encrypted\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind all the public `S3 Buckets`:\n\n```graphql\nquery {\n  queryawsS3(filter: { access: { eq: \"Public\" } }) {\n    id\n    arn\n    access\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind all the `S3 Buckets` that are themselves public or that can have Objects that are public in them:\n\n```graphql\nquery {\n  queryawsS3(filter: { not: { access: { eq: \"Private\" } } }) {\n    id\n    arn\n    access\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind all the `KMS` keys in `\"us-east-1\"`:\n\n```graphql\nquery {\n  queryawsKms(filter: { arn: { regexp: \"/.*us-east-1.*/\" } }) {\n    id\n    arn\n    description\n    keyRotationEnabled\n    tags {\n      key\n      value\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind all the burstable `T` series instances:\n\n```graphql\nquery {\n  queryawsEc2(filter: { instanceType: { regexp: \"/^t.*/\" } }) {\n    id\n    arn\n    availabilityZone\n    instanceType\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind the default `VPCs`:\n\n```graphql\nquery {\n  queryawsVpc(filter: { defaultVpc: true }) {\n    id\n    arn\n    defaultVpc\n    state\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind the public `ALBs`:\n\n```graphql\nquery {\n  queryawsAlb(filter: { scheme: { eq: \"internet-facing\" } }) {\n    id\n    arn\n    dnsName\n    createdAt\n    tags {\n      key\n      value\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nFind all of the `EC2s`, `Lambdas`, and `VPCs` that have a `Tag` value of `\"Production\"`:\n\n```graphql\nquery {\n  queryawsTag(filter: { value: { eq: \"Production\" } }) {\n    key\n    value\n    ec2Instance {\n      id\n      arn\n    }\n    lambda {\n      id\n      arn\n    }\n    vpc {\n      id\n      arn\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing but look for both a `key` and a `value`:\n\n```graphql\nquery {\n  queryawsTag(\n    filter: { key: { eq: \"Environment\" }, value: { eq: \"Production\" } }\n  ) {\n    key\n    value\n    ec2Instance {\n      id\n      arn\n    }\n    lambda {\n      id\n      arn\n    }\n    vpc {\n      id\n      arn\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nDo the same thing using `getawsTag` instead of `queryawsTag`. Note that when searching for tags using `getawsTag` your must specify **both** the `key` and `value` as the `id` like is done below with `\"Environment:Production\"`:\n\n```graphql\nquery {\n  getawsTag(id: \"Environment:Production\") {\n    key\n    value\n    ec2Instance {\n      id\n      arn\n    }\n    lambda {\n      id\n      arn\n    }\n    vpc {\n      id\n      arn\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\n## AWS FinOps examples:\n\n\u003cbr /\u003e\n\nNote that billing data is currently only available for AWS. In order to successfully ingest FinOps related data you must have the Cost Explorer API enabled in your AWS Account. [You can view how to do that here](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-access.html)\n\n\u003cbr /\u003e\n\nGet the `total cost` of your AWS Account for the `last 30 days`, the `total cost` of your AWS Account `month to date`, a breakdown of `each service and its cost for the last 30 days`, and a breakdown of `each service and its cost month to date` as well as the `monthly` and `month to date` average costs:\n\n```graphql\nquery {\n  queryawsBilling {\n    totalCostLast30Days {\n      cost\n      currency\n      formattedCost\n    }\n    totalCostMonthToDate {\n      cost\n      currency\n      formattedCost\n    }\n    monthToDate {\n      name\n      cost\n      currency\n      formattedCost\n    }\n    last30Days {\n      name\n      cost\n      currency\n      formattedCost\n    }\n    monthToDateDailyAverage {\n      name\n      cost\n      currency\n      formattedCost\n    }\n    last30DaysDailyAverage {\n      name\n      cost\n      currency\n      formattedCost\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nThis query will return a `JSON` payload that looks like this:\n\n```json\n{\n  \"data\": {\n    \"queryawsBilling\": [\n      {\n        \"totalCostLast30Days\": {\n          \"cost\": 7088.87,\n          \"currency\": \"USD\",\n          \"formattedCost\": \"$7088.87\"\n        },\n        \"totalCostMonthToDate\": {\n          \"cost\": 7089.28,\n          \"currency\": \"USD\",\n          \"formattedCost\": \"$7089.28\"\n\n        },\n        \"monthToDate\": [\n          {\n            \"name\": \"Amazon Relational Database Service\",\n            \"cost\": 548.68,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$548.68\"\n          },\n          {\n            \"name\": \"Amazon Managed Streaming for Apache Kafka\",\n            \"cost\": 67.49,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$67.49\"\n          },\n          {\n            \"name\": \"Amazon OpenSearch Service\",\n            \"cost\": 1155.04,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$1155.04\"\n          }\n          ...More Services\n        ],\n        \"last30Days\": [\n          {\n            \"name\": \"AWS Step Functions\",\n            \"cost\": 330.20,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$330.20\"\n          },\n          {\n            \"name\": \"Amazon Elastic Container Service for Kubernetes\",\n            \"cost\": 194.40,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$194.40\"\n          },\n          {\n            \"name\": \"AmazonCloudWatch\",\n            \"cost\": 310.54,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$310.54\"\n          }\n          ...More Services\n        ],\n        \"monthToDateDailyAverage\": [\n          {\n            \"name\": \"Amazon Relational Database Service\",\n            \"cost\": 54.86,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$54.86\"\n          },\n          {\n            \"name\": \"Amazon Managed Streaming for Apache Kafka\",\n            \"cost\": 6.74,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$6.74\"\n          },\n          {\n            \"name\": \"Amazon OpenSearch Service\",\n            \"cost\": 115.50,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$115.50\"\n          }\n          ...More Services\n        ],\n        \"last30DaysDailyAverage\": [\n          {\n            \"name\": \"AWS Step Functions\",\n            \"cost\": 33.01,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$33.01\"\n          },\n          {\n            \"name\": \"Amazon Elastic Container Service for Kubernetes\",\n            \"cost\": 19.44,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$19.44\"\n          },\n          {\n            \"name\": \"AmazonCloudWatch\",\n            \"cost\": 31.05,\n            \"currency\": \"USD\",\n            \"formattedCost\": \"$31.05\"\n          }\n          ...More Services\n        ],\n      }\n    ]\n  },\n  \"extensions\": {\n    \"touched_uids\": 212\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet each `EC2 instance` in your AWS account along with its daily cost:\n\n```graphql\nquery {\n  queryawsEc2 {\n    arn\n    dailyCost {\n      cost\n      currency\n      formattedCost\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\nThis query will return a `JSON` payload that looks like this. All of the following examples will follow suit:\n\n```json\n{\n{\n  \"data\": {\n    \"queryawsEc2\": [\n      {\n        \"arn\": \"arn:aws:ec2:us-east-1:12345678910:instance/i-0c8b3vhfgf8df923f\",\n        \"dailyCost\": {\n          \"cost\": 2.06,\n          \"currency\": \"USD\",\n          \"formattedCost\": \"$2.06\"\n        }\n      },\n      {\n        \"arn\": \"arn:aws:ec2:us-east-1:12345678910:instance/i-060b3dsfds7sdf62e3\",\n        \"dailyCost\": {\n          \"cost\": 2.06,\n          \"currency\": \"USD\",\n          \"formattedCost\": \"$2.06\"\n        }\n      },\n     ...More EC2 Instances\n    ]\n  },\n  \"extensions\": {\n    \"touched_uids\": 28\n  }\n}\n```\n\n\u003cbr /\u003e\n\nGet each `NAT Gateway` in your AWS account along with its daily cost:\n\n```graphql\nquery {\n  queryawsNatGateway {\n    arn\n    dailyCost {\n      cost\n      currency\n      formattedCost\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\n## AWS CloudWatch example:\n\nCloudGraph ingests your CloudWatch Metric data and stores it along with select AWS services. This feature is currently in beta and will work for EC2 only:\n\n```graphql\nquery {\n  queryawsEc2 {\n    arn\n    cloudWatchMetricData {\n      lastWeek {\n        cpuUtilizationAverage\n        networkInAverage\n        networkOutAverage\n        networkPacketsInAverage\n        networkPacketsOutAverage\n        statusCheckFailedSum\n        statusCheckFailedInstanceSum\n        statusCheckFailedSystemSum\n        diskReadOpsAverage\n        diskWriteOpsAverage\n        diskReadBytesAverage\n        diskWriteBytesAverage\n      }\n\n      lastMonth {\n        cpuUtilizationAverage\n        networkInAverage\n        networkOutAverage\n        networkPacketsInAverage\n        networkPacketsOutAverage\n        statusCheckFailedSum\n        statusCheckFailedInstanceSum\n        statusCheckFailedSystemSum\n        diskReadOpsAverage\n        diskWriteOpsAverage\n        diskReadBytesAverage\n        diskWriteBytesAverage\n      }\n      last6Hours {\n        cpuUtilizationAverage\n        networkInAverage\n        networkOutAverage\n        networkPacketsInAverage\n        networkPacketsOutAverage\n        statusCheckFailedSum\n        statusCheckFailedInstanceSum\n        statusCheckFailedSystemSum\n        diskReadOpsAverage\n        diskWriteOpsAverage\n        diskReadBytesAverage\n        diskWriteBytesAverage\n      }\n      last24Hours {\n        cpuUtilizationAverage\n        networkInAverage\n        networkOutAverage\n        networkPacketsInAverage\n        networkPacketsOutAverage\n        statusCheckFailedSum\n        statusCheckFailedInstanceSum\n        statusCheckFailedSystemSum\n        diskReadOpsAverage\n        diskWriteOpsAverage\n        diskReadBytesAverage\n        diskWriteBytesAverage\n      }\n    }\n  }\n}\n```\n\n\u003cbr /\u003e\n\n## Thinking in terms of a graph:\n\n\u003cbr /\u003e\n\nWhen you think, \"in terms of a graph\", you can do almost anything with CloudGraph. Say for example that you want to know what Lamba functions don't belong to a VPC (i.e. they don't leverage VPC networking). Because CloudGraph connects all resources that have relationships, such as VPC parents to their Lambda children, you are able to answer this question easily. Simply check to see what lambda functions the VPC is \"connected\" to, and compare that against the list of all lambda functions like so:\n\n```graphql\nquery {\n  queryawsVpc {\n    id\n    arn\n    lambda {\n      id\n      arn\n    }\n  }\n  queryawsLambda {\n    id\n    arn\n  }\n}\n```\n\n\u003cbr /\u003e\n\n## Limitations\n\n\u003cbr /\u003e\n\nToday, the biggest limitation with CloudGraph and our query abilities is we don't support nested filtering based on child attributes. So for example, as cool as it would be to do the following, it's just not possible yet:\n\n\u003cbr /\u003e\n\n```graphql\nquery {\n  # This won't work just yet...\n  queryawsEc2(filter: { ebs: { isBootDisk: true } }) {\n    id\n    arn\n    ebs {\n      id\n      arn\n    }\n  }\n  # So you have to do this instead :(\n  queryawsEc2 {\n    id\n    arn\n    ebs(filter: { isBootDisk: true }) {\n      id\n      arn\n    }\n  }\n}\n```\n\nThis is actually not a limitation of CloudGraph, but rather a feature that still needs to be implemented with Dgraph. [You can view and comment on the discussion thread here](https://discuss.dgraph.io/t/proposal-nested-object-filters-for-graphql-rewritten-as-var-blocks-in-dql/12252/2)\n\n\u003c!-- examplesqueriesstop --\u003e\n\n\u003cbr /\u003e\n\n# Query Tools\n\n\u003c!-- querytools --\u003e\n\nCloudGraph ships with 2 awesome query tools and a GraphQL schema explorer. Remember, you can use **ANY** GraphQL query tool if you would prefer another option, just connect it to your exposed `/graphql` endpoint!\n\n\u003cbr /\u003e\n\n## [GraphQL Playground](https://github.com/graphql/graphql-playground)\n\nGraphQL playground has a fluid and engaging UX that is great for querying a GraphQL schema quickly and simply. It has built-in automatically generated documentation and auto-completion while you type. To access playground, either select it as your preferred query tool in the `init` command OR visit `/playground` in the server CG spins up.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/gqlPlayground.png\"\u003e\n    \u003cimg alt=\"gqlPlayground\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/gqlPlayground.png\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\n## [Altair](https://github.com/altair-graphql/altair)\n\nAltair is another great GraphQL query tool that packs a ton of [features](https://github.com/altair-graphql/altair#features) for power users. Do things like autocomplete queries, dynamically add fragments, and export/import collections of queries. To access Altair, either select it as your preferred query tool in the `init` command OR visit `/altair` in the server CG spins up.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/gqlAltair.png\"\u003e\n    \u003cimg alt=\"gqlAltair\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/gqlAltair.png\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\n## [Voyager](https://github.com/APIs-guru/graphql-voyager)\n\nGraphQL Voyager is an awesome way to explore the schema(s) for your CG providers. It gives you a great bidirectional chart containing all your types and queries. You can click entities or arrows to discover connections, search for something specific, and get a deeper understanding of your schema. To access voyager, visit `/voyager` in the server CG spins up.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/voyager.png\"\u003e\n    \u003cimg alt=\"voyager\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/voyager.png\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!-- querytoolsstop --\u003e\n\n\u003cbr /\u003e\n\n# Community\n\n\u003cbr /\u003e\n\nComments, questions, or feedback? Please [Join Our Slack Workspace](https://join.slack.com/t/cloudgraph-workspace/shared_invite/zt-ytjemoz7-yKWwElynDp1eHAAB55sbpg) we would love to hear from you.\n\n\u003cbr /\u003e\n\n# Contribution Guidelines\n\nIf you're interested in contributing to CloudGraph please check out our [Contribution Guidelines](https://github.com/cloudgraphdev/cli/blob/main/CONTRIBUTING.md).\n\n\u003cbr /\u003e\n\n# Deployment Options\n\nYou can either run CloudGraph locally, or you can deploy it to your cloud provider of choice. Terraform modules and guides for cloud deployments are coming soon!\n\n\u003cbr /\u003e\n\n# Hosted Version\n\nInterested in a fully managed SaaS/self hosted version of CloudGraph that has built in 3D visualization capabilities, automated scans, and hundreds of additional compliance checks? Check out [AutoCloud](https://www.autocloud.dev) for more details.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.autocloud.dev\"\u003e\n    \u003cimg alt=\"autocloud\" src=\"https://github.com/cloudgraphdev/cli/raw/main/docs/images/autoCloud.png\" width=\"95%\" style=\"display: block; margin: auto\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# Debugging\n\nIf you encounter any errors running CloudGraph you can prepend `CG_DEBUG=5` to the beginning of your command as in, `CG_DEBUG=5 cg scan`. This will print out the verbose logs with more information that you can then use to either open an [issue on GitHub](https://github.com/cloudgraphdev/cli/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) or let us know in our [Slack Workspace](https://join.slack.com/t/cloudgraph-workspace/shared_invite/zt-ytjemoz7-yKWwElynDp1eHAAB55sbpg).\n\n\u003cbr /\u003e\n\n# Common Errors\n\nThere are some common errors you may see when running CloudGraph that are usually related to permisions or connection issues.\n\n- ⚠️ unable to make some connections - This warning in the scan report appears when CG tries to make a connection between two resources and is unable to do so. If you see this using one of CG's offically supported providers, please [create a new issue](https://github.com/cloudgraphdev/cli/issues) so we can solve it. The most common cause of this error is a bug in the underlying provider's resource connection logic.\n\n- 🚫 unable to store data in Dgraph - This error in the scan report appears when CG tries to insert some cloud provider data into the graph DB and it fails. Any services with this error will be unable to be queried in the GraphQL query tool. This usually happens when CG is unable to grab required data (such as an arn) for a resource due to an error when calling the provider SDK, commonly due to a lack of authorization.\n\n- Provider {name}@${version} requires cli version {version} but cli version is ${version} - This warning means you have incompatible versions of CG and the provider you are trying to use. Try updating CG `npm install -g @cloudgraphdev/cli` and the provider module `cg provider update` so both are at the latest version. You can also check the proivder's `pacakge.json` to see what versions of CG support it.\n\n- Manager failed to install plugin for {provider} - This error occurs when CG's plugin manager can not find the provider module you want to use. The manager searches the public NPM registry for the provider module. For offically supported providers, just pass the provider name `CG init aws`. For community supported providers, you must pass the namespace as well `CG init @{providerNamespace}/{provider}`\n\n\u003cbr /\u003e\n\n# Commands\n\n\u003c!-- commands --\u003e\n* [`cg help [COMMAND]`](#cg-help-command)\n* [`cg init [PROVIDER]`](#cg-init-provider)\n* [`cg launch [PROVIDER]`](#cg-launch-provider)\n* [`cg load [PROVIDER]`](#cg-load-provider)\n* [`cg policy [PROVIDER]`](#cg-policy-provider)\n* [`cg policy add [PROVIDER]`](#cg-policy-add-provider)\n* [`cg policy install [PROVIDER]`](#cg-policy-install-provider)\n* [`cg policy list [PROVIDER]`](#cg-policy-list-provider)\n* [`cg policy remove [PROVIDER]`](#cg-policy-remove-provider)\n* [`cg policy update [PROVIDER]`](#cg-policy-update-provider)\n* [`cg provider [PROVIDER]`](#cg-provider-provider)\n* [`cg provider add [PROVIDER]`](#cg-provider-add-provider)\n* [`cg provider install [PROVIDER]`](#cg-provider-install-provider)\n* [`cg provider list [PROVIDER]`](#cg-provider-list-provider)\n* [`cg provider remove [PROVIDER]`](#cg-provider-remove-provider)\n* [`cg provider update [PROVIDER]`](#cg-provider-update-provider)\n* [`cg scan [PROVIDER]`](#cg-scan-provider)\n* [`cg serve [PROVIDER]`](#cg-serve-provider)\n* [`cg teardown [PROVIDER]`](#cg-teardown-provider)\n* [`cg update [PROVIDER]`](#cg-update-provider)\n\n## `cg help [COMMAND]`\n\nDisplay help for cg.\n\n```\nUSAGE\n  $ cg help [COMMAND] [-n]\n\nARGUMENTS\n  COMMAND  Command to show help for.\n\nFLAGS\n  -n, --nested-commands  Include all nested commands in the output.\n\nDESCRIPTION\n  Display help for cg.\n```\n\n_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v5.1.12/src/commands/help.ts)_\n\n## `cg init [PROVIDER]`\n\nSet initial configuration for providers\n\n```\nUSAGE\n  $ cg init [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e] [-r]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -r, --resources\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Set initial configuration for providers\n\nEXAMPLES\n  $ cg init\n\n  $ cg init aws [Initialize AWS provider]\n\n  $ cg init aws -r [Specify resources to crawl]\n```\n\n_See code: [src/commands/init.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/init.ts)_\n\n## `cg launch [PROVIDER]`\n\nLaunch an instance of Dgraph to store data\n\n```\nUSAGE\n  $ cg launch [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Launch an instance of Dgraph to store data\n\nEXAMPLES\n  $ cg launch\n```\n\n_See code: [src/commands/launch.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/launch.ts)_\n\n## `cg load [PROVIDER]`\n\nLoad a specific version of your CloudGraph data\n\n```\nUSAGE\n  $ cg load [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Load a specific version of your CloudGraph data\n\nEXAMPLES\n  $ cg load [Load data for all providers configured]\n\n  $ cg load aws [Load data for AWS]\n```\n\n_See code: [src/commands/load.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/load.ts)_\n\n## `cg policy [PROVIDER]`\n\nCommands to manage policy pack modules, run $ cg policy for more info.\n\n```\nUSAGE\n  $ cg policy [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Commands to manage policy pack modules, run $ cg policy for more info.\n```\n\n_See code: [src/commands/policy/index.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/policy/index.ts)_\n\n## `cg policy add [PROVIDER]`\n\nAdd new policy packs\n\n```\nUSAGE\n  $ cg policy add [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Add new policy packs\n\nALIASES\n  $ cg add policy\n\nEXAMPLES\n  $ cg policy add aws-cis-1.2.0\n\n  $ cg policy add aws-cis-1.2.0@0.12.0\n```\n\n## `cg policy install [PROVIDER]`\n\nInstall policy packs based on the lock file\n\n```\nUSAGE\n  $ cg policy install [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Install policy packs based on the lock file\n\nALIASES\n  $ cg install policy\n\nEXAMPLES\n  $ cg policy install\n```\n\n## `cg policy list [PROVIDER]`\n\nList currently installed policy packs and versions\n\n```\nUSAGE\n  $ cg policy list [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  List currently installed policy packs and versions\n\nALIASES\n  $ cg ls policy\n  $ cg list policy\n\nEXAMPLES\n  $ cg policy list\n\n  $ cg policy list aws\n```\n\n## `cg policy remove [PROVIDER]`\n\nRemove currently installed policy pack\n\n```\nUSAGE\n  $ cg policy remove [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Remove currently installed policy pack\n\nALIASES\n  $ cg remove policy\n  $ cg policy remove\n  $ cg policy rm\n  $ cg del policy\n  $ cg rm policy\n\nEXAMPLES\n  $ cg policy remove\n\n  $ cg policy remove aws-cis-1.2.0\n\n  $ cg policy remove aws-cis-1.2.0 --no-save\n```\n\n## `cg policy update [PROVIDER]`\n\nUpdate currently installed policy packs\n\n```\nUSAGE\n  $ cg policy update [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Update currently installed policy packs\n\nEXAMPLES\n  $ cg policy update\n\n  $ cg policy update aws-cis-1.2.0\n\n  $ cg policy update aws-cis-1.2.0@0.12.0\n```\n\n## `cg provider [PROVIDER]`\n\nCommands to manage provider modules, run $ cg provider for more info.\n\n```\nUSAGE\n  $ cg provider [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Commands to manage provider modules, run $ cg provider for more info.\n```\n\n_See code: [src/commands/provider/index.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/provider/index.ts)_\n\n## `cg provider add [PROVIDER]`\n\nAdd new providers\n\n```\nUSAGE\n  $ cg provider add [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Add new providers\n\nALIASES\n  $ cg add provider\n\nEXAMPLES\n  $ cg provider add aws\n\n  $ cg provider add aws@0.12.0\n```\n\n## `cg provider install [PROVIDER]`\n\nInstall providers based on the lock file\n\n```\nUSAGE\n  $ cg provider install [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Install providers based on the lock file\n\nALIASES\n  $ cg install provider\n\nEXAMPLES\n  $ cg provider install\n```\n\n## `cg provider list [PROVIDER]`\n\nList currently installed providers and versions\n\n```\nUSAGE\n  $ cg provider list [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  List currently installed providers and versions\n\nALIASES\n  $ cg ls provider\n  $ cg list provider\n\nEXAMPLES\n  $ cg provider list\n\n  $ cg provider list aws\n```\n\n## `cg provider remove [PROVIDER]`\n\nRemove currently installed provider\n\n```\nUSAGE\n  $ cg provider remove [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Remove currently installed provider\n\nALIASES\n  $ cg remove provider\n  $ cg provider remove\n  $ cg provider rm\n  $ cg del provider\n  $ cg rm provider\n\nEXAMPLES\n  $ cg provider remove\n\n  $ cg provider remove aws\n\n  $ cg provider remove aws --no-save\n```\n\n## `cg provider update [PROVIDER]`\n\nUpdate currently installed providers\n\n```\nUSAGE\n  $ cg provider update [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Update currently installed providers\n\nEXAMPLES\n  $ cg provider update\n\n  $ cg provider update aws\n\n  $ cg provider update aws@0.12.0\n```\n\n## `cg scan [PROVIDER]`\n\nScan one or multiple providers data to be queried through Dgraph\n\n```\nUSAGE\n  $ cg scan [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Scan one or multiple providers data to be queried through Dgraph\n\nEXAMPLES\n  $ cg scan\n\n  $ cg scan aws\n\n  $ cg scan aws --dgraph http://localhost:1000 [Save data in dgraph running on port 1000]\n\n  $ cg scan aws --no-serve [Do not start the query engine]\n```\n\n_See code: [src/commands/scan.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/scan.ts)_\n\n## `cg serve [PROVIDER]`\n\nServe a GraphQL query tool to query your CloudGraph data.\n\n```\nUSAGE\n  $ cg serve [PROVIDER] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p \u003cvalue\u003e]\n    [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Serve a GraphQL query tool to query your CloudGraph data.\n\nEXAMPLES\n  $ cg serve\n```\n\n_See code: [src/commands/serve.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/serve.ts)_\n\n## `cg teardown [PROVIDER]`\n\nStops the Dgraph Docker container.\n\n```\nUSAGE\n  $ cg teardown [PROVIDER] [--delete-image]\n\nFLAGS\n  --delete-image  Remove dgraph docker image after stopping it\n\nDESCRIPTION\n  Stops the Dgraph Docker container.\n\nEXAMPLES\n  $ cg teardown\n\n  $ cg teardown --delete-image\n```\n\n_See code: [src/commands/teardown.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/teardown.ts)_\n\n## `cg update [PROVIDER]`\n\nUpgrade currently installed plugins.\n\n```\nUSAGE\n  $ cg update [PROVIDER] [--no-save] [--dev] [-d \u003cvalue\u003e] [-s dgraph] [--directory \u003cvalue\u003e] [--no-serve] [-p\n    \u003cvalue\u003e] [-q playground|altair] [-l \u003cvalue\u003e] [--use-roles] [-P \u003cvalue\u003e]\n\nFLAGS\n  -P, --policies=\u003cvalue\u003e       Policy Packs to execute during scan\n  -d, --dgraph=\u003cvalue\u003e         Set where dgraph is running (default localhost:8997)\n  -l, --version-limit=\u003cvalue\u003e  Limit the amount of version folders stored on the filesystem (default 10)\n  -p, --port=\u003cvalue\u003e           Set port to serve query engine\n  -q, --query-engine=\u003coption\u003e  Query engine to launch\n                               \u003coptions: playground|altair\u003e\n  -s, --storage=\u003coption\u003e       Select a storage engine to use. Currently only supports Dgraph\n                               \u003coptions: dgraph\u003e\n  --dev                        Turn on developer mode\n  --directory=\u003cvalue\u003e          Set the folder where CloudGraph will store data. (default cg)\n  --no-save                    Set to not alter lock file, just delete plugin\n  --no-serve                   Set to not serve a query engine\n  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials\n\nDESCRIPTION\n  Upgrade currently installed plugins.\n\nALIASES\n  $ cg update\n\nEXAMPLES\n  $ cg update\n```\n\n_See code: [src/commands/update.ts](https://github.com/cloudgraphdev/cli/blob/v0.25.1/src/commands/update.ts)_\n\u003c!-- commandsstop --\u003e\n","funding_links":[],"categories":["Multi-Cloud","TypeScript","Cloud asset inventory"],"sub_categories":["Threat modelling"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudgraphdev%2Fcli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudgraphdev%2Fcli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudgraphdev%2Fcli/lists"}