Comparisons
Steampipe vs CloudQuery: Architecture and Trade-offs
TL;DR:
Steampipe queries cloud APIs in real time from the terminal. CloudQuery syncs cloud configuration into a persistent inventory with policy enforcement, automations, and team collaboration. Choose Steampipe for ad hoc investigations; choose CloudQuery when you need ongoing governance across teams.
What Is Steampipe? #
Steampipe is an open-source CLI tool built by Turbot that lets you query cloud APIs and services using SQL. It bundles a PostgreSQL instance and uses Foreign Data Wrappers (FDWs) to translate SQL queries into live API calls, so you get results directly from the source without first loading data into a database.
The project reached v1.0 in October 2024 and is currently at v2.3.6 as of February 2026. It has roughly 7,700 stars on GitHub and supports 153 plugins covering AWS, Azure, GCP, Kubernetes, GitHub, Microsoft 365, Salesforce, and dozens of other services, exposing over 2,000 queryable tables in total.
How Steampipe Works #
When you run a SQL query in Steampipe, the embedded PostgreSQL engine delegates each table scan to the relevant plugin, which calls the cloud API in real time. Results are not stored after the query finishes. This "zero-ETL" model means you always see the current state of your infrastructure, but you cannot look back at how things were configured yesterday without re-querying.
The Turbot Pipes Ecosystem #
Steampipe is one piece of a broader open-source ecosystem from Turbot:
- Powerpipe adds dashboards, benchmarks, and reports on top of Steampipe data. It includes pre-built compliance mods for CIS, NIST, PCI DSS, and other frameworks.
- Flowpipe provides workflow automation ("pipelines as code") so you can act on Steampipe findings, for example, sending a Slack alert when a public S3 bucket is detected.
- Tailpipe is a newer tool for SQL-based log analysis, built on DuckDB. It covers AWS CloudTrail, Azure activity logs, and other event sources.
- Turbot Pipes is the managed cloud service that hosts Steampipe, Powerpipe, and Flowpipe together, adding shared workspaces, scheduled queries, and enterprise features like disabling direct PostgreSQL access.
This ecosystem has grown steadily. Turbot runs quarterly launch weeks and shipped MCP servers for AI agent integration, DuckLake-backed log storage in Tailpipe, and enterprise controls for Pipes throughout 2025.
What Is CloudQuery? #
CloudQuery is a cloud asset inventory and governance platform. Unlike Steampipe's query-time API calls, CloudQuery syncs cloud configuration into a persistent data store on a schedule, giving you a point-in-time snapshot you can query, compare, and share.
CloudQuery connects to over 70 cloud and SaaS sources including AWS, Azure, GCP, Kubernetes, Wiz, Okta, PagerDuty, and Cloudflare. Data can be written to multiple destinations such as PostgreSQL, BigQuery, Snowflake, and S3.
CloudQuery Platform #
The CloudQuery Platform is the managed SaaS layer that goes beyond the CLI:
- Cloud Asset Inventory: A continuously synced, normalized view of resources across all connected accounts and providers.
- Automations: Event-driven workflows that trigger on policy violations, configuration drift, or schedule. For example, auto-tagging untagged resources or opening a Jira ticket when a security group allows 0.0.0.0/0.
- AI Assistant: A natural-language query interface that translates questions like "which EC2 instances are missing IMDSv2?" into SQL and returns results.
- Enterprise features: SSO, RBAC, audit logs, and tenant isolation for organizations that need access controls across teams.
How CloudQuery Works #
CloudQuery runs syncs, either on a schedule or on demand, that call cloud provider APIs and write the results to your chosen database. Because the data is persisted, you can:
- Run queries without hitting API rate limits
- Compare snapshots over time to detect drift
- Build dashboards and alerts on stable data
- Share results across security, platform, and finance teams
Architecture Comparison #
The core architectural difference is when data is fetched:
This trade-off shapes when each tool fits best. Steampipe's live queries mean zero infrastructure and always-current results, but they become slower as account counts grow. CloudQuery's synced snapshots require storage and sync schedules, but queries are fast regardless of estate size and the data is available for historical analysis.
Plugin and Integration Ecosystem #
Steampipe has a larger plugin count (153 plugins, 2,000+ tables) and covers more SaaS and developer-tool APIs. Its plugin SDK uses Go and follows a standardized pattern, which has encouraged community contributions.
CloudQuery supports over 70 source integrations with a focus on cloud infrastructure, security tools, and FinOps data. Its plugin SDK also uses Go, with additional support for Python, Java, and JavaScript. CloudQuery's destination plugin model means you can write synced data to any supported warehouse or lake, which Steampipe does not offer natively.
Both tools support AWS, Azure, GCP, Kubernetes, and GitHub. If you need a specific SaaS connector, check each hub before deciding.
Who Is Each Tool For? #
Steampipe fits well when you: #
- Need quick, ad hoc answers from live cloud APIs
- Prefer working in the terminal
- Want minimal infrastructure (no database to manage)
- Operate a small-to-medium cloud estate (fewer than a few thousand accounts)
- Already use Powerpipe mods for compliance benchmarks
CloudQuery fits well when you: #
- Need a persistent, queryable inventory across multiple clouds
- Enforce governance policies with continuous evaluation and alerting
- Want historical data to track configuration drift over time
- Have multiple teams (security, platform, finance) sharing cloud visibility
- Run a large estate where live API queries would be too slow or costly
- Need enterprise controls like SSO, RBAC, and audit logs
Pricing and Cost Comparison #
Both tools offer free tiers, but the pricing models differ as you scale.
Steampipe is open-source under the AGPLv3 license. The CLI, plugins, Powerpipe, Flowpipe, and Tailpipe are all free to run locally. Turbot Pipes, the managed cloud service, starts with a free Developer plan (single user, 3 connections) and scales to Team ($10/user/month) and Enterprise tiers with shared workspaces, scheduled queries, and audit controls. Costs grow primarily with user count and workspace usage.
CloudQuery offers a free tier that includes the CLI and a limited number of synced resources. Paid plans scale based on the number of resources synced across your cloud accounts. The Platform tiers add policies, automations, SSO, RBAC, and dedicated support. Because CloudQuery syncs data once and lets you query it repeatedly, you avoid the API call costs that come with Steampipe's live-query model at scale.
The key cost difference shows up in large environments: Steampipe's per-query API calls can hit rate limits and slow down across thousands of accounts, while CloudQuery's sync-once model keeps query costs flat regardless of how many times teams run reports.
Can You Use Both? #
Yes. Some teams use Steampipe for fast, one-off investigations and CloudQuery for their production governance program. The tools do not conflict because they serve different parts of the workflow: Steampipe answers "what does the infrastructure look like right now?" while CloudQuery answers "what changed, who is out of policy, and what should we do about it?"
How Do They Compare Side by Side? #
Both tools are actively maintained and solve real problems. The right choice depends on whether you need live, on-demand answers or a persistent, governed inventory that scales across your organization.
See Why Teams Choose CloudQuery Over Steampipe
See how CloudQuery's persistent data layer, SQL-based policies, and 70+ integrations compare to Steampipe's live-query approach. Or check out the documentation.
Frequently Asked Questions #
Is Steampipe free? #
Yes. Steampipe is open-source under the AGPLv3 license. Turbot Pipes, the managed cloud service, offers free and paid tiers for team workspaces, scheduled queries, and enterprise features.
Does CloudQuery replace Steampipe? #
Not necessarily. They solve different problems. Steampipe is built for real-time, ad hoc queries from the terminal. CloudQuery is built for persistent inventory, governance policies, and team collaboration. Some teams run both.
Can Steampipe query historical data? #
No. Steampipe queries live APIs at query time, so it always returns the current state. If you need to compare how infrastructure looked last week versus today, you need a tool that persists snapshots, which is what CloudQuery does.
Does CloudQuery support real-time queries? #
CloudQuery syncs data on a schedule (as frequently as every few minutes). Queries run against the last synced snapshot, not live APIs. This means results are minutes old at most, but you avoid API rate limits and get faster query performance on large estates.
Which tool has more integrations? #
Steampipe has a larger plugin count with 153 plugins and 2,000+ tables. CloudQuery supports over 70 source integrations with a focus on cloud infrastructure and security tools, plus multiple destination options for writing data to your preferred warehouse.
Can I use Steampipe with CloudQuery? #
The tools do not share plugins or configuration, but they can coexist. A common pattern is using Steampipe for quick terminal-based investigations while CloudQuery handles your production governance and compliance program.
What databases does CloudQuery support? #
CloudQuery can write synced data to PostgreSQL, BigQuery, Snowflake, S3, and other destinations. Steampipe bundles an embedded PostgreSQL instance and does not support writing to external databases natively.
Which tool is better for compliance? #
For continuous compliance programs with policy enforcement, alerting, and audit trails, CloudQuery Platform's Policies are purpose-built. Steampipe paired with Powerpipe offers compliance benchmarks (CIS, NIST, PCI) for point-in-time checks from the terminal.
Take the Next Step #
If you want to see how CloudQuery fits your cloud environment, we can walk you through a tailored demo. Schedule a call with our team.
