turbot/alicloud_compliance

Query: ram_root_account_no_access_keys

Usage

powerpipe query alicloud_compliance.query.ram_root_account_no_access_keys

SQL

select
'acs:ram::' || account_id || ':user/' || user_name as resource,
case
when access_key_1_active
or access_key_2_active then 'alarm'
else 'ok'
end as status,
case
when access_key_1_active
or access_key_2_active then 'Root account access key exists.'
else 'No root account access keys exist.'
end as reason,
account_id as account_id
from
alicloud_ram_credential_report
where
user_name = '<root>';

Controls

The query is being used by the following controls: