CloudQuery
@cloudquery.bsky.social
Data pipelines for cloud config and security data. Build cloud asset inventory, CSPM, FinOps, and vulnerability management solutions. Extract from AWS, Azure, GCP, and 70+ cloud and SaaS sources.
Organizations extracting maximum value understand they're implementing a business capability, not deploying a technical solution.

Full breakdown: https://www.cloudquery.io/blog/five-tips-maximum-value-cloud-asset-inventory
5/ Plan for continuous improvement and scale

Technology changes. Priorities shift. Cloud environments expand.

Your asset inventory should adapt to organizational change without major re-architecture.
4/ Provide actionable intelligence, not just data

When someone discovers an unencrypted database, they should remediate immediately—not just report it.

Connect your inventory to build pipelines, alerting systems, and remediation workflows.
3/ Prioritize high-impact use cases first

Don't boil the ocean. Find your highest-value problem—upcoming audit, Q4 cost optimization, security gaps.

Solve it completely. Demonstrate clear ROI. Then expand.
2/ Engage stakeholders across teams

Your inventory isn't an IT project—it's a business capability.

Include FinOps, security, compliance, development, and operations as co-owners from day one. Not just users.
1/ Business outcomes over technical features

Don't build it because you can. Draw a direct line from every feature to revenue protection, cost savings, or risk reduction.

If you can't explain the business value in one sentence, don't build it.
If these questions take more than 30 seconds to answer, your cloud asset inventory needs work.

Here's what we learned from AWS PSA Keegan Marazzi about building asset inventories that actually get used:
You manage 4,782 cloud resources across 6 accounts. Can you tell me which S3 buckets are publicly accessible right now? Which IAM roles haven't been used in 90 days? 🧵
Traditional CMDBs solved a real problem in 2006. That world doesn't exist anymore.

Infrastructure is code. Resources are ephemeral. APIs provide real-time state.

Stop forcing cloud into 20-year-old models.

Full comparison: https://www.cloudquery.io/blog/cloud-cmdb-vs-traditional-cmdb-2026
Security incident example: "Find all public-facing servers with SSH open to 0.0.0.0/0"

Traditional CMDB: Run discovery scan (2 hrs), wait for reconciliation (30 min), manual Excel export. Data already outdated.

Cloud CMDB: One SQL query, under a second.
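The kind of query the post above describes, as an added example that is not CloudQuery's code or schema: it runs against an in-memory SQLite inventory built from constructed sample rows. The table and column names are hypothetical, and treating "public-facing" as "running with a public IP" is an assumption.

```python
import sqlite3

# Constructed sample inventory. Table and column names are hypothetical
# (loosely following AWS field names), not a real product schema.
SCHEMA = """
CREATE TABLE instances (instance_id TEXT, public_ip TEXT, state TEXT);
CREATE TABLE instance_security_groups (instance_id TEXT, group_id TEXT);
CREATE TABLE sg_ingress_rules (group_id TEXT, ip_protocol TEXT,
                               from_port INTEGER, to_port INTEGER, cidr TEXT);
"""
INSTANCES = [
    ("i-web", "203.0.113.10", "running"),    # port 22 open to the world
    ("i-range", "203.0.113.11", "running"),  # range 20-25 covers 22
    ("i-all", "203.0.113.12", "running"),    # all-traffic rule (protocol -1)
    ("i-priv", None, "running"),             # open rule but no public IP
    ("i-corp", "203.0.113.13", "running"),   # SSH limited to one CIDR
    ("i-old", "203.0.113.14", "stopped"),    # open rule but not running
]
ATTACHMENTS = [("i-web", "sg-ssh"), ("i-range", "sg-range"), ("i-all", "sg-all"),
               ("i-priv", "sg-ssh"), ("i-corp", "sg-corp"), ("i-old", "sg-ssh")]
RULES = [
    ("sg-ssh", "tcp", 22, 22, "0.0.0.0/0"),
    ("sg-range", "tcp", 20, 25, "0.0.0.0/0"),
    ("sg-all", "-1", None, None, "0.0.0.0/0"),
    ("sg-corp", "tcp", 22, 22, "198.51.100.0/24"),
]

# Matching only from_port = 22 would miss port ranges and all-traffic rules.
QUERY = """
SELECT DISTINCT i.instance_id
FROM instances i
JOIN instance_security_groups a ON a.instance_id = i.instance_id
JOIN sg_ingress_rules r ON r.group_id = a.group_id
WHERE i.state = 'running' AND i.public_ip IS NOT NULL
  AND r.cidr = '0.0.0.0/0'
  AND (r.ip_protocol = '-1'
       OR (r.ip_protocol = 'tcp' AND r.from_port <= 22 AND r.to_port >= 22))
ORDER BY i.instance_id
"""

def build_inventory():
    """Load the constructed rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO instances VALUES (?, ?, ?)", INSTANCES)
    conn.executemany("INSERT INTO instance_security_groups VALUES (?, ?)", ATTACHMENTS)
    conn.executemany("INSERT INTO sg_ingress_rules VALUES (?, ?, ?, ?, ?)", RULES)
    return conn

def exposed_ssh_instances(conn):
    """Return IDs of running, publicly addressed instances reachable on port 22."""
    return [row[0] for row in conn.execute(QUERY)]
```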
Data model gap: Traditional Server CI captures ~10 attributes (hostname, IP, OS).

AWS EC2 instance has 50+ attributes (instance type, VPC, security groups, IAM role, tags, EBS volumes, network interfaces).

Traditional CIs miss 80% of what matters in the cloud.
Cloud CMDB approach:
- Call cloud provider APIs directly
- Get current state in under a second
- Store native resource attributes in SQL
- Query on-demand with standard SQL

Implementation time: hours.
Traditional CMDB workflow:
- Install agents on every server
- Schedule discovery scans (daily/hourly)
- Reconcile duplicates
- Force resources into CI templates
- Data is 12-24 hours stale

Implementation time: 2-3 months minimum.
Gartner reports 70-80% of traditional CMDB projects fail to deliver value.

The reason: agent-based discovery, scheduled scans, and ITIL Configuration Items designed for physical servers can't handle ephemeral cloud infrastructure.
Traditional CMDBs were built for servers with names like "web-prod-01" that run for years.

In 2026, that EC2 instance running your Lambda cold start lives for 45 seconds.

Traditional CMDB discovery would schedule a scan for tomorrow. By then, it's gone. 🧵
Challenge 3: Real-time security

Security asks for public S3 buckets at 9:30 AM. CMDB last scan ran at 3:00 AM. You schedule new discovery. Wait 2 hours. Export. Filter manually.

Results at 12:15 PM. But 200 new buckets created since 9:30 AM aren't in your report.
Solution: Use native cloud schemas

Store resources using cloud provider data models. EC2 instances keep all 50+ AWS attributes. Query with SQL using actual cloud field names.

No expensive customization projects. No $50K professional services. Just native schemas.
Challenge 2: Data model mismatch

EC2 instance has 50+ attributes: vpc_id, security_groups, iam_instance_profile, tags, subnet_id, launch_time, availability_zone.

Server CI template captures maybe 10: hostname, IP, OS, memory, CPU.

80% of cloud attributes lost in translation.
Solution: API-based continuous sync

AWS DescribeInstances returns current state in under 1 second. No agents. No discovery schedules. No reconciliation logic.

Query cloud provider APIs continuously. Capture ephemeral resources. Get exactly what exists right now.
Challenge 1: Ephemeral resources

Auto-scaling instances live 15 minutes. Lambda environments exist 45 seconds. Spot instances terminate without warning.

Agent-based discovery requires installing software. How do you install agents on resources that live for seconds?
Your CMDB shows 847 EC2 instances. AWS console reports 1,203 running right now.

Security needs a list of unencrypted S3 buckets in 30 minutes. Your last discovery scan ran 18 hours ago.

Traditional CMDBs fail 70-80% of the time. Here's why, and what works instead →
Do you know we have a referral program? If you know someone who needs better cloud data infrastructure, send them our way and earn a $500 Visa gift card when they become a customer.

Check out the full program details:
Introducing the CloudQuery Referral Program - Earn $500 | CloudQuery Blog
Share CloudQuery with your network and earn account credits for every successful referral. Help more teams discover the power of infrastructure data and get rewarded for spreading the word.
Technology is the easy part. Organizational adoption determines whether your cloud asset inventory becomes an essential business tool or another abandoned data project.

Full breakdown: www.cloudquery.io/blog/five-ti...
Five principles that separate successful programs from abandoned data projects:

- Business outcomes over technical features
- Engage stakeholders across teams
- Prioritize high-impact use cases
- Provide actionable intelligence
- Plan for continuous improvement