e:["$","$L15",null,{"pluginData":{"readme":"$16","sourceInfo":"$17","engines":["steampipe","sqlite","postgres","export"],"organization":"Turbot","category":["public cloud"],"iconUrl":"/images/plugins/turbot/alicloud.svg","brandColor":"#FF6600","displayName":"Alibaba Cloud","name":"alicloud","description":"Steampipe plugin for querying Alibaba Cloud servers, databases, networks, and other resources.","ogDescription":"Query Alibaba Cloud with SQL! Open source CLI. No DB required.","ogImage":"/images/plugins/turbot/alicloud-social-graphic.png","org":"turbot","version":"1.3.0","latestImageId":"sha256:2ce60b995a7ff28f1605e693f53b456f88fc63b5ca204851b6a54917b9f8a43e","latestVersion":"1.3.0","mods":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance","org":"turbot","name":"steampipe-mod-alicloud-compliance","title":"Alibaba Cloud Compliance","version":"v1.0.1","iconUrl":"/images/mods/turbot/alicloud-compliance.svg","brandColor":"#FF6600","description":"Run individual configuration, compliance and security controls or full compliance benchmarks for CIS across all of your Alibaba Cloud accounts using Powerpipe and Steampipe."},{"path":"/mods/turbot/steampipe-mod-alicloud-insights","org":"turbot","name":"steampipe-mod-alicloud-insights","title":"Alibaba Cloud Insights","version":"v1.0.0","iconUrl":"/images/mods/turbot/alicloud-insights.svg","brandColor":"#FF6600","description":"Create dashboards and reports for your Alibaba Cloud resources using Powerpipe and Steampipe."},{"path":"/mods/turbot/steampipe-mod-alicloud-thrifty","org":"turbot","name":"steampipe-mod-alicloud-thrifty","title":"Alibaba Cloud Thrifty","version":"v1.0.0","iconUrl":"/images/mods/turbot/alicloud-thrifty.svg","brandColor":"#FF6600","description":"Are you a Thrifty Alibaba Cloud developer? This mod checks your Alibaba account(s) to check for unused and under utilized resources using Powerpipe and Steampipe."}],"tables":[{"name":"alicloud_account","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"alias","type":"text","description":"Specify the alias associated with the account.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud Account","queriesCount":9,"examplesCount":0,"readme":"$19"},{"name":"alicloud_action_trail","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the trail was created.","operators":[]},{"name":"event_rw","type":"text","description":"The read/write type of the delivered events.","operators":[]},{"name":"home_region","type":"text","description":"The home region of the trail.","operators":[]},{"name":"is_organization_trail","type":"boolean","description":"Indicates whether the trail was created as a multi-account trail.","operators":[]},{"name":"name","type":"text","description":"The name of the trail.","operators":["="]},{"name":"oss_bucket_name","type":"text","description":"The name of the OSS bucket to which events are delivered.","operators":[]},{"name":"oss_key_prefix","type":"text","description":"The prefix of log files stored in the OSS bucket.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"role_name","type":"text","description":"The name of the Resource Access Management (RAM) role that ActionTrail is allowed to assume.","operators":[]},{"name":"sls_project_arn","type":"text","description":"The ARN of the Log Service project to which events are delivered.","operators":[]},{"name":"sls_write_role_arn","type":"text","description":"The ARN of the RAM role assumed by ActionTrail for delivering logs to the destination Log Service project.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"start_logging_time","type":"timestamp with time zone","description":"The most recent date and time when logging was enabled for the trail.","operators":[]},{"name":"status","type":"text","description":"The status of the trail.","operators":[]},{"name":"stop_logging_time","type":"timestamp with time zone","description":"The most recent date and time when logging was disabled for the trail.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"trail_region","type":"text","description":"The regions to which the trail is applied.","operators":[]},{"name":"update_time","type":"timestamp with time zone","description":"The most recent time when the configuration of the trail was updated.","operators":[]}],"description":"Alicloud Action Trail","queriesCount":2,"examplesCount":3,"readme":"$1a"},{"name":"alicloud_alidns_domain","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"ali_domain","type":"boolean","description":"Indicates whether the domain is registered with Alibaba Cloud.","operators":[]},{"name":"available_ttls","type":"jsonb","description":"The list of available TTL (Time-To-Live) values for DNS records in the domain.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The creation time of the domain.","operators":[]},{"name":"create_timestamp","type":"timestamp with time zone","description":"The timestamp when the domain was created.","operators":[]},{"name":"dns_servers","type":"jsonb","description":"The DNS servers associated with the domain.","operators":[]},{"name":"domain_id","type":"text","description":"The unique identifier of the domain.","operators":[]},{"name":"domain_name","type":"text","description":"The name of the domain.","operators":["="]},{"name":"group_id","type":"text","description":"The ID of the group the domain belongs to.","operators":["="]},{"name":"group_name","type":"text","description":"The name of the group the domain belongs to.","operators":[]},{"name":"in_clean","type":"boolean","description":"Indicates whether the domain is in a cleaning state.","operators":[]},{"name":"instance_end_time","type":"text","description":"The end time of the instance associated with the domain.","operators":[]},{"name":"instance_expired","type":"boolean","description":"Indicates whether the instance associated with the domain has expired.","operators":[]},{"name":"instance_id","type":"text","description":"The instance ID of the domain.","operators":[]},{"name":"line_type","type":"text","description":"The type of DNS record line, indicating the routing rules for the domain.","operators":[]},{"name":"min_ttl","type":"bigint","description":"The minimum TTL (Time-To-Live) value for DNS records in the domain.","operators":[]},{"name":"puny_code","type":"text","description":"The Punycode representation of the domain name.","operators":[]},{"name":"record_count","type":"bigint","description":"The number of DNS records associated with the domain.","operators":[]},{"name":"record_lines","type":"jsonb","description":"The DNS record lines associated with the domain.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"registrant_email","type":"text","description":"The email address of the domain registrant.","operators":[]},{"name":"remark","type":"text","description":"Remarks for the domain.","operators":[]},{"name":"resource_group_id","type":"text","description":"The resource group ID of the domain.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"starmark","type":"boolean","description":"Indicates whether the domain is marked as a star domain.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"version_code","type":"text","description":"The code of the domain version.","operators":[]},{"name":"version_name","type":"text","description":"The name of the domain version.","operators":[]}],"description":"Alicloud Alidns Domain","queriesCount":0,"examplesCount":6,"readme":"$1b"},{"name":"alicloud_cas_certificate","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"buy_in_aliyun","type":"boolean","description":"Indicates whether the certificate was purchased from Alibaba Cloud.","operators":[]},{"name":"cert","type":"text","description":"The certificate content, in PEM format.","operators":[]},{"name":"city","type":"text","description":"The city where the organization that purchases the certificate is located.","operators":[]},{"name":"common","type":"text","description":"The common name (CN) attribute of the certificate.","operators":[]},{"name":"country","type":"text","description":"The country where the organization that purchases the certificate is located.","operators":[]},{"name":"end_date","type":"timestamp with time zone","description":"The expiration date of the certificate.","operators":[]},{"name":"expired","type":"boolean","description":"Indicates whether the certificate has expired.","operators":[]},{"name":"fingerprint","type":"text","description":"The certificate fingerprint.","operators":[]},{"name":"id","type":"double precision","description":"The ID of the certificate.","operators":["="]},{"name":"issuer","type":"text","description":"The certificate authority.","operators":[]},{"name":"key","type":"text","description":"The private key of the certificate, in PEM format.","operators":[]},{"name":"name","type":"text","description":"The name of the certificate.","operators":[]},{"name":"org_name","type":"text","description":"The name of the organization that purchases the certificate.","operators":[]},{"name":"province","type":"text","description":"The province where the organization that purchases the certificate is located.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sans","type":"text","description":"All domain names bound to the certificate.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"start_date","type":"timestamp with time zone","description":"The issuance date of the certificate.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud CAS Certificate","queriesCount":0,"examplesCount":2,"readme":"$1c"},{"name":"alicloud_cms_monitor_host","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"agent_version","type":"text","description":"The version of the Cloud Monitor agent.","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"ali_uid","type":"bigint","description":"The ID of the Alibaba Cloud account.","operators":[]},{"name":"eip_address","type":"text","description":"The elastic IP address (EIP) of the host.","operators":[]},{"name":"eip_id","type":"text","description":"The ID of the EIP.","operators":[]},{"name":"host_name","type":"text","description":"The name of the host.","operators":["="]},{"name":"instance_id","type":"text","description":"The ID of the instance.","operators":["="]},{"name":"instance_type_family","type":"text","description":"The type of the ECS instance.","operators":[]},{"name":"ip_group","type":"text","description":"The IP address of the host.","operators":[]},{"name":"is_aliyun_host","type":"boolean","description":"Indicates whether the host is provided by Alibaba Cloud.","operators":[]},{"name":"monitoring_agent_status","type":"jsonb","description":"The status of the Cloud Monitor agent.","operators":[]},{"name":"nat_ip","type":"text","description":"The IP address of the Network Address Translation (NAT) gateway.","operators":[]},{"name":"network_type","type":"text","description":"The type of the network.","operators":[]},{"name":"operating_system","type":"text","description":"The operating system.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"serial_number","type":"text","description":"The serial number of the host. A host that is not provided by Alibaba Cloud has a serial number instead of an instance ID.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud Cloud Monitor Host","queriesCount":0,"examplesCount":2,"readme":"$1d"},{"name":"alicloud_cs_kubernetes_cluster","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the cluster.","operators":[]},{"name":"capabilities","type":"text","description":"","operators":[]},{"name":"cluster_healthy","type":"text","description":"The health status of the cluster.","operators":[]},{"name":"cluster_id","type":"text","description":"The ID of the cluster.","operators":["="]},{"name":"cluster_log","type":"jsonb","description":"The logs of a cluster.","operators":[]},{"name":"cluster_namespace","type":"jsonb","description":"","operators":[]},{"name":"cluster_spec","type":"text","description":"","operators":[]},{"name":"cluster_type","type":"text","description":"The type of the cluster.","operators":[]},{"name":"created_at","type":"timestamp with time zone","description":"The time when the cluster was created.","operators":[]},{"name":"current_version","type":"text","description":"The version of the cluster.","operators":[]},{"name":"data_disk_category","type":"text","description":"The type of data disks.","operators":[]},{"name":"data_disk_size","type":"bigint","description":"The size of a data disk.","operators":[]},{"name":"deletion_protection","type":"boolean","description":"Indicates whether deletion protection is enabled for the cluster.","operators":[]},{"name":"docker_version","type":"text","description":"The version of Docker.","operators":[]},{"name":"enabled_migration","type":"text","description":"","operators":[]},{"name":"external_loadbalancer_id","type":"text","description":"The ID of the Server Load Balancer (SLB) instance deployed in the cluster.","operators":[]},{"name":"gw_bridge","type":"text","description":"","operators":[]},{"name":"init_version","type":"text","description":"The initial version of the cluster.","operators":[]},{"name":"instance_type","type":"text","description":"The Elastic Compute Service (ECS) instance type of cluster nodes.","operators":[]},{"name":"maintenance_info","type":"text","description":"","operators":[]},{"name":"maintenance_window","type":"jsonb","description":"","operators":[]},{"name":"master_url","type":"jsonb","description":"The endpoints that are open for connections to the cluster.","operators":[]},{"name":"meta_data","type":"jsonb","description":"The metadata of the cluster.","operators":[]},{"name":"name","type":"text","description":"The name of the cluster.","operators":[]},{"name":"need_update_agent","type":"text","description":"","operators":[]},{"name":"network_mode","type":"text","description":"The network type of the cluster.","operators":[]},{"name":"next_version","type":"text","description":"","operators":[]},{"name":"node_status","type":"text","description":"The status of cluster nodes.","operators":[]},{"name":"outputs","type":"text","description":"","operators":[]},{"name":"parameters","type":"text","description":"","operators":[]},{"name":"port","type":"text","description":"Container port in Kubernetes.","operators":[]},{"name":"private_zone","type":"text","description":"Indicates whether PrivateZone is enabled for the cluster.","operators":[]},{"name":"profile","type":"text","description":"The identifier of the cluster.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the cluster belongs.","operators":[]},{"name":"service_discovery_types","type":"text","description":"","operators":[]},{"name":"size","type":"bigint","description":"The number of nodes in the cluster.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"state","type":"text","description":"The status of the cluster.","operators":[]},{"name":"subnet_cidr","type":"cidr","description":"The CIDR block of pods in the cluster.","operators":[]},{"name":"swarm_mode","type":"text","description":"","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the cluster.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"updated","type":"timestamp with time zone","description":"The time when the cluster was updated.","operators":[]},{"name":"upgrade_components","type":"text","description":"","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC used by the cluster.","operators":[]},{"name":"vswitch_cidr","type":"cidr","description":"The CIDR block of VSwitches.","operators":[]},{"name":"vswitch_id","type":"text","description":"The IDs of VSwitches.","operators":[]},{"name":"worker_ram_role_name","type":"text","description":"The name of the RAM role for worker nodes in the cluster.","operators":[]},{"name":"zone_id","type":"text","description":"The ID of the zone where the cluster is deployed.","operators":[]}],"description":"Alicloud Container Service Kubernetes Cluster","queriesCount":2,"examplesCount":2,"readme":"$1e"},{"name":"alicloud_cs_kubernetes_cluster_node","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"cluster_id","type":"text","description":"The ID of the cluster that the node pool belongs to.","operators":["="]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the node was created.","operators":[]},{"name":"error_message","type":"text","description":"The error message generated when the node was created.","operators":[]},{"name":"expired_time","type":"timestamp with time zone","description":"The expiration time of the node.","operators":[]},{"name":"host_name","type":"text","description":"The name of the host.","operators":[]},{"name":"image_id","type":"text","description":"The ID of the system image that is used by the node.","operators":[]},{"name":"instance_charge_type","type":"text","description":"The billing method of the node.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the ECS instance.","operators":["="]},{"name":"instance_name","type":"text","description":"The name of the node. This name contains the ID of the cluster to which the node is deployed.","operators":[]},{"name":"instance_role","type":"text","description":"The role of the node.","operators":[]},{"name":"instance_status","type":"text","description":"The state of the node.","operators":[]},{"name":"instance_type","type":"text","description":"The instance type of the node.","operators":[]},{"name":"instance_type_family","type":"text","description":"The ECS instance family of the node.","operators":[]},{"name":"ip_address","type":"text","description":"The IP address of the node.","operators":[]},{"name":"is_aliyun_node","type":"boolean","description":"Indicates whether the instance is provided by Alibaba Cloud.","operators":[]},{"name":"node_name","type":"text","description":"The name of the node in the ACK cluster.","operators":[]},{"name":"node_status","type":"text","description":"Indicates whether the node is ready in the ACK cluster. Valid values: true, false.","operators":[]},{"name":"nodepool_id","type":"text","description":"The ID of the node pool.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"source","type":"text","description":"Indicates how the nodes in the node pool were initialized. The nodes can be manually created or created by using Resource Orchestration Service (ROS).","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"state","type":"text","description":"The states of the nodes in the node pool.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud Container Service Kubernetes Cluster Node","queriesCount":0,"examplesCount":2,"readme":"$1f"},{"name":"alicloud_ecs_auto_provisioning_group","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"allocation_strategy","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"auto_provisioning_group_id","type":"text","description":"An unique identifier for the resource.","operators":["="]},{"name":"auto_provisioning_group_type","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"An unique identifier for the resource.","operators":[]},{"name":"excess_capacity_termination_policy","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"instances","type":"jsonb","description":"An unique identifier for the resource.","operators":[]},{"name":"launch_template_configs","type":"jsonb","description":"An unique identifier for the resource.","operators":[]},{"name":"launch_template_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"launch_template_version","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"max_spot_price","type":"double precision","description":"An unique identifier for the resource.","operators":[]},{"name":"name","type":"text","description":"A friendly name for the resource.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"spot_options","type":"jsonb","description":"An unique identifier for the resource.","operators":[]},{"name":"state","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"status","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"target_capacity_specification","type":"jsonb","description":"An unique identifier for the resource.","operators":[]},{"name":"terminate_instances","type":"boolean","description":"An unique identifier for the resource.","operators":[]},{"name":"terminate_instances_with_expiration","type":"boolean","description":"An unique identifier for the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"valid_from","type":"timestamp with time zone","description":"An unique identifier for the resource.","operators":[]},{"name":"valid_until","type":"timestamp with time zone","description":"An unique identifier for the resource.","operators":[]}],"description":"Alicloud ECS Auto Provisioning Group","queriesCount":0,"examplesCount":2,"readme":"$20"},{"name":"alicloud_ecs_autoscaling_group","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"active_capacity","type":"bigint","description":"The number of ECS instances that have been added to the scaling group and are running properly.","operators":[]},{"name":"active_scaling_configuration_id","type":"text","description":"The ID of the active scaling configuration in the scaling group.","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"compensate_with_on_demand","type":"boolean","description":"Specifies whether to automatically create pay-as-you-go instances to meet the requirement for the number of ECS instances in the scaling group when the number of preemptible instances cannot be reached due to reasons such as cost or insufficient resources.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the scaling group was created.","operators":[]},{"name":"db_instance_ids","type":"jsonb","description":"The IDs of the ApsaraDB RDS instances that are associated with the scaling group.","operators":[]},{"name":"default_cooldown","type":"bigint","description":"The default cooldown period of the scaling group (in seconds).","operators":[]},{"name":"desired_capacity","type":"bigint","description":"The expected number of ECS instances in the scaling group. Auto Scaling automatically keeps the ECS instances at this number.","operators":[]},{"name":"group_deletion_protection","type":"boolean","description":"Indicates whether scaling group deletion protection is enabled.","operators":[]},{"name":"health_check_type","type":"text","description":"The health check mode of the scaling group.","operators":[]},{"name":"launch_template_id","type":"text","description":"The ID of the launch template used by the scaling group.","operators":[]},{"name":"launch_template_version","type":"text","description":"The version of the launch template used by the scaling group.","operators":[]},{"name":"life_cycle_state","type":"text","description":"The lifecycle status of the scaling group.","operators":[]},{"name":"load_balancer_ids","type":"jsonb","description":"The IDs of the SLB instances that are associated with the scaling group.","operators":[]},{"name":"max_size","type":"bigint","description":"The maximum number of ECS instances in the scaling group.","operators":[]},{"name":"min_size","type":"bigint","description":"The minimum number of ECS instances in the scaling group.","operators":[]},{"name":"modification_time","type":"timestamp with time zone","description":"The time when the scaling group was modified.","operators":[]},{"name":"multi_az_policy","type":"text","description":"The ECS instance scaling policy for a multi-zone scaling group.","operators":[]},{"name":"name","type":"text","description":"A friendly name for the resource.","operators":["="]},{"name":"on_demand_base_capacity","type":"bigint","description":"The minimum number of pay-as-you-go instances required in the scaling group. Valid values: 0 to 1000.","operators":[]},{"name":"on_demand_percentage_above_base_capacity","type":"bigint","description":"The percentage of pay-as-you-go instances to be created when instances are added to the scaling group.","operators":[]},{"name":"pending_capacity","type":"bigint","description":"The number of ECS instances that are being added to the scaling group, but are still being configured.","operators":[]},{"name":"pending_wait_capacity","type":"bigint","description":"The number of ECS instances that are in the pending state to be added in the scaling group.","operators":[]},{"name":"protected_capacity","type":"bigint","description":"The number of ECS instances that are in the protected state in the scaling group.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"removal_policies","type":"jsonb","description":"Details about policies for removing ECS instances from the scaling group.","operators":[]},{"name":"removing_capacity","type":"bigint","description":"The number of ECS instances that are being removed from the scaling group.","operators":[]},{"name":"removing_wait_capacity","type":"bigint","description":"The number of ECS instances that are in the pending state to be removed from the scaling group.","operators":[]},{"name":"scaling_configurations","type":"jsonb","description":"A list of scaling configurations.","operators":[]},{"name":"scaling_group_id","type":"text","description":"An unique identifier for the resource.","operators":["="]},{"name":"scaling_instances","type":"jsonb","description":"A list of ECS instances in a scaling group.","operators":[]},{"name":"scaling_policy","type":"text","description":"Specifies the reclaim policy of the scaling group.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"spot_instance_pools","type":"bigint","description":"The number of available instance types. Auto Scaling will create preemptible instances of multiple instance types available at the lowest cost. Valid values: 0 to 10.","operators":[]},{"name":"spot_instance_remedy","type":"boolean","description":"Specifies whether to supplement preemptible instances when the target capacity of preemptible instances is not fulfilled.","operators":[]},{"name":"standby_capacity","type":"bigint","description":"The number of instances that are in the standby state in the scaling group.","operators":[]},{"name":"stopped_capacity","type":"bigint","description":"The number of instances that are in the stopped state in the scaling group.","operators":[]},{"name":"suspended_processes","type":"jsonb","description":"The scaling activity that is suspended. If no scaling activity is suspended, the returned value is null.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"total_capacity","type":"bigint","description":"The total number of ECS instances in the scaling group.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC to which the scaling group belongs.","operators":[]},{"name":"vserver_groups","type":"jsonb","description":"Details about backend server groups.","operators":[]},{"name":"vswitch_id","type":"text","description":"The ID of the VSwitch that is associated with the scaling group.","operators":[]},{"name":"vswitch_ids","type":"jsonb","description":"A collection of IDs of the VSwitches that are associated with the scaling group.","operators":[]}],"description":"Elastic Compute Autoscaling Group","queriesCount":0,"examplesCount":3,"readme":"$21"},{"name":"alicloud_ecs_disk","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the ECS disk.","operators":[]},{"name":"attached_time","type":"timestamp with time zone","description":"The time when the disk was attached.","operators":[]},{"name":"attachments","type":"jsonb","description":"The attachment information of the cloud disk.","operators":[]},{"name":"auto_snapshot_policy_creation_time","type":"text","description":"The time when the auto snapshot policy was created.","operators":[]},{"name":"auto_snapshot_policy_enable_cross_region_copy","type":"boolean","description":"The ID of the automatic snapshot policy applied to the disk.","operators":[]},{"name":"auto_snapshot_policy_id","type":"text","description":"The ID of the automatic snapshot policy applied to the disk.","operators":[]},{"name":"auto_snapshot_policy_name","type":"text","description":"The name of the automatic snapshot policy applied to the disk.","operators":[]},{"name":"auto_snapshot_policy_repeat_week_days","type":"text","description":"The days of a week on which automatic snapshots are created. Valid values: 1 to 7, which corresponds to the days of the week. 1 indicates Monday. One or more days can be specified.","operators":[]},{"name":"auto_snapshot_policy_retention_days","type":"bigint","description":"The retention period of the automatic snapshot.","operators":[]},{"name":"auto_snapshot_policy_status","type":"text","description":"The status of the automatic snapshot policy.","operators":[]},{"name":"auto_snapshot_policy_tags","type":"jsonb","description":"The days of a week on which automatic snapshots are created. Valid values: 1 to 7, which corresponds to the days of the week. 1 indicates Monday. One or more days can be specified.","operators":[]},{"name":"auto_snapshot_policy_time_points","type":"text","description":"The points in time at which automatic snapshots are created. The least interval at which snapshots can be created is one hour. Valid values: 0 to 23, which corresponds to the hours of the day from 00:00 to 23:00. 1 indicates 01:00. You can specify multiple points in time.","operators":[]},{"name":"billing_method","type":"text","description":"The billing method of the disk. Possible values are: PrePaid and PostPaid.","operators":[]},{"name":"category","type":"text","description":"The category of the disk.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the disk was created.","operators":[]},{"name":"delete_auto_snapshot","type":"boolean","description":"Indicates whether the automatic snapshots of the disk are deleted when the disk is released.","operators":[]},{"name":"delete_with_instance","type":"boolean","description":"Indicates whether the disk is released when its associated instance is released.","operators":[]},{"name":"description","type":"text","description":"A user provided, human readable description for this resource.","operators":[]},{"name":"detached_time","type":"timestamp with time zone","description":"The time when the disk was detached.","operators":[]},{"name":"device","type":"text","description":"The device name of the disk on its associated instance.","operators":[]},{"name":"disk_id","type":"text","description":"An unique identifier for the resource.","operators":["="]},{"name":"enable_auto_snapshot","type":"boolean","description":"Indicates whether the automatic snapshot policy feature was enabled for the disk.","operators":[]},{"name":"enable_automated_snapshot_policy","type":"boolean","description":"Indicates whether an automatic snapshot policy was applied to the disk.","operators":[]},{"name":"encrypted","type":"boolean","description":"Indicates whether the disk was encrypted.","operators":[]},{"name":"expired_time","type":"timestamp with time zone","description":"The time when the subscription disk expires.","operators":[]},{"name":"image_id","type":"text","description":"The ID of the image used to create the instance. This parameter is empty unless the disk was created from an image. The value of this parameter remains unchanged throughout the lifecycle of the disk.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance to which the disk is attached. This parameter has a value only when the value of Status is In_use.","operators":[]},{"name":"iops","type":"bigint","description":"The number of input/output operations per second (IOPS).","operators":[]},{"name":"iops_read","type":"bigint","description":"The number of I/O reads per second.","operators":[]},{"name":"iops_write","type":"bigint","description":"The number of I/O writes per second.","operators":[]},{"name":"kms_key_id","type":"text","description":"The device name of the disk on its associated instance.","operators":[]},{"name":"mount_instance_num","type":"bigint","description":"The number of instances to which the Shared Block Storage device is attached.","operators":[]},{"name":"mount_instances","type":"jsonb","description":"The attaching information of the disk.","operators":[]},{"name":"name","type":"text","description":"A friendly name for the resource.","operators":[]},{"name":"operation_lock","type":"jsonb","description":"The reasons why the disk was locked.","operators":[]},{"name":"performance_level","type":"text","description":"The performance level of the ESSD.","operators":[]},{"name":"portable","type":"boolean","description":"Indicates whether the disk is removable.","operators":[]},{"name":"product_code","type":"text","description":"The product code in Alibaba Cloud Marketplace.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the disk belongs.","operators":[]},{"name":"serial_number","type":"text","description":"The serial number of the disk.","operators":[]},{"name":"size","type":"bigint","description":"Specifies the size of the disk.","operators":[]},{"name":"source_snapshot_id","type":"text","description":"The ID of the snapshot used to create the disk. This parameter is empty unless the disk was created from a snapshot. The value of this parameter remains unchanged throughout the lifecycle of the disk.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"Specifies the current state of the resource.","operators":[]},{"name":"storage_set_id","type":"text","description":"The ID of the storage set.","operators":[]},{"name":"storage_set_partition_number","type":"bigint","description":"The maximum number of partitions in a storage set.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"type","type":"text","description":"Specifies the type of the disk. Possible values are: 'system' and 'data'.","operators":[]},{"name":"zone","type":"text","description":"The zone name in which the resource is created.","operators":[]}],"description":"Elastic Compute Disk","queriesCount":2,"examplesCount":9,"readme":"$22"},{"name":"alicloud_ecs_disk_metric_read_iops","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Read IOPS","queriesCount":0,"examplesCount":1,"readme":"$23"},{"name":"alicloud_ecs_disk_metric_read_iops_daily","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Read IOPS (Daily)","queriesCount":0,"examplesCount":1,"readme":"$24"},{"name":"alicloud_ecs_disk_metric_read_iops_hourly","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Read IOPS (Hourly)","queriesCount":0,"examplesCount":1,"readme":"$25"},{"name":"alicloud_ecs_disk_metric_write_iops","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Write IOPS","queriesCount":0,"examplesCount":1,"readme":"$26"},{"name":"alicloud_ecs_disk_metric_write_iops_daily","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Write IOPS (Daily)","queriesCount":0,"examplesCount":1,"readme":"$27"},{"name":"alicloud_ecs_disk_metric_write_iops_hourly","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Disk Cloud Monitor Metrics - Write IOPS (Hourly)","queriesCount":0,"examplesCount":1,"readme":"$28"},{"name":"alicloud_ecs_image","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"architecture","type":"text","description":"The image architecture. Possible values are: 'i386', and 'x86_64'.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the ECS image.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the image was created.","operators":[]},{"name":"description","type":"text","description":"A user-defined, human readable description for the image.","operators":[]},{"name":"disk_device_mappings","type":"jsonb","description":"The mappings between disks and snapshots under the image.","operators":[]},{"name":"image_family","type":"text","description":"The name of the image family.","operators":[]},{"name":"image_id","type":"text","description":"The ID of the image that the instance is running.","operators":["="]},{"name":"image_owner_alias","type":"text","description":"The alias of the image owner. Possible values are: system, self, others, marketplace.","operators":[]},{"name":"image_version","type":"text","description":"The version of the image.","operators":[]},{"name":"is_copied","type":"boolean","description":"Indicates whether the image is a copy of another image.","operators":[]},{"name":"is_self_shared","type":"boolean","description":"Indicates whether the image has been shared to other Alibaba Cloud accounts.","operators":[]},{"name":"is_subscribed","type":"boolean","description":"Indicates whether you have subscribed to the image that corresponds to the specified product code.","operators":[]},{"name":"is_support_cloud_init","type":"boolean","description":"Indicates whether the image supports cloud-init.","operators":[]},{"name":"is_support_io_optimized","type":"boolean","description":"Indicates whether the image can be used on I/O optimized instances.","operators":[]},{"name":"name","type":"text","description":"A friendly name of the resource.","operators":[]},{"name":"os_name","type":"text","description":"The Chinese name of the operating system.","operators":[]},{"name":"os_name_en","type":"text","description":"The English name of the operating system.","operators":[]},{"name":"os_type","type":"text","description":"The type of the operating system. Possible values are: windows,and linux","operators":[]},{"name":"platform","type":"text","description":"The platform of the operating system.","operators":[]},{"name":"product_code","type":"text","description":"The product code of the Alibaba Cloud Marketplace image.","operators":[]},{"name":"progress","type":"text","description":"The image creation progress, in percent(%).","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":["="]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the image belongs.","operators":[]},{"name":"share_permissions","type":"jsonb","description":"A list of groups and accounts that the image can be shared.","operators":[]},{"name":"size","type":"bigint","description":"The size of the image (in GiB).","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the image.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the image.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"usage","type":"text","description":"Indicates whether the image has been used to create ECS instances.","operators":[]}],"description":"AliCloud ECS Image.","queriesCount":0,"examplesCount":7,"readme":"$29"},{"name":"alicloud_ecs_instance","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"activation_id","type":"text","description":"The activation Id if the instance.","operators":[]},{"name":"agent_version","type":"text","description":"The agent version.","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the ECS instance.","operators":[]},{"name":"auto_release_time","type":"timestamp with time zone","description":"The automatic release time of the pay-as-you-go instance.","operators":[]},{"name":"billing_method","type":"text","description":"The billing method for network usage.","operators":["="]},{"name":"connected","type":"boolean","description":"Indicates whether the instance is connected..","operators":[]},{"name":"cpu","type":"bigint","description":"The number of vCPUs.","operators":[]},{"name":"cpu_options_core_count","type":"bigint","description":"The number of CPU cores.","operators":[]},{"name":"cpu_options_numa","type":"text","description":"The number of threads allocated.","operators":[]},{"name":"cpu_options_threads_per_core","type":"bigint","description":"The number of threads per core.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the instance was created.","operators":[]},{"name":"credit_specification","type":"text","description":"The performance mode of the burstable instance.","operators":[]},{"name":"dedicated_host_cluster_id","type":"text","description":"The cluster ID of the dedicated host.","operators":[]},{"name":"dedicated_host_id","type":"text","description":"The ID of the dedicated host.","operators":[]},{"name":"dedicated_host_name","type":"text","description":"The name of the dedicated host.","operators":[]},{"name":"dedicated_instance_affinity","type":"text","description":"Indicates whether the instance on a dedicated host is associated with the dedicated host.","operators":[]},{"name":"dedicated_instance_tenancy","type":"text","description":"Indicates whether the instance is hosted on a dedicated host.","operators":[]},{"name":"deletion_protection","type":"boolean","description":"Indicates whether you can use the ECS console or call the DeleteInstance operation to release the instance.","operators":[]},{"name":"deployment_set_group_no","type":"bigint","description":"The group No. of the instance in a deployment set when the deployment set is used to distribute instances across multiple physical machines.","operators":[]},{"name":"deployment_set_id","type":"text","description":"The ID of the deployment set.","operators":[]},{"name":"description","type":"text","description":"The description of the instance.","operators":[]},{"name":"device_available","type":"boolean","description":"Indicates whether data disks can be attached to the instance.","operators":["!=","="]},{"name":"ecs_capacity_reservation_id","type":"text","description":"The ID of the capacity reservation.","operators":[]},{"name":"ecs_capacity_reservation_preference","type":"text","description":"The preference of the ECS capacity reservation.","operators":[]},{"name":"eip_address","type":"jsonb","description":"The information of the EIP associated with the instance.","operators":[]},{"name":"expired_time","type":"timestamp with time zone","description":"The expiration time of the instance.","operators":[]},{"name":"family","type":"text","description":"The instance family of the instance.","operators":["="]},{"name":"gpu_amount","type":"bigint","description":"The number of GPUs for the instance type.","operators":[]},{"name":"gpu_spec","type":"text","description":"The category of GPUs for the instance type.","operators":[]},{"name":"host_name","type":"text","description":"The hostname of the instance.","operators":[]},{"name":"hpc_cluster_id","type":"text","description":"The ID of the HPC cluster to which the instance belongs.","operators":[]},{"name":"image_id","type":"text","description":"The ID of the image that the instance is running.","operators":["="]},{"name":"inner_ip_address","type":"jsonb","description":"The internal IP addresses of classic network-type instances. This parameter takes effect when InstanceNetworkType is set to classic. The value can be a JSON array that consists of up to 100 IP addresses. Separate multiple IP addresses with commas (,).","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance.","operators":["="]},{"name":"instance_network_type","type":"text","description":"The network type of the instance.","operators":["="]},{"name":"instance_type","type":"text","description":"The type of the instance.","operators":["="]},{"name":"internet_charge_type","type":"text","description":"The billing method for network usage. Valid values:PayByBandwidth,PayByTraffic","operators":["="]},{"name":"internet_max_bandwidth_in","type":"bigint","description":"The maximum inbound bandwidth from the Internet (in Mbit/s).","operators":[]},{"name":"internet_max_bandwidth_out","type":"bigint","description":"The maximum outbound bandwidth to the Internet (in Mbit/s).","operators":[]},{"name":"invocation_count","type":"bigint","description":"The count of instance invocation","operators":[]},{"name":"io_optimized","type":"boolean","description":"Specifies whether the instance is I/O optimized.","operators":["!=","="]},{"name":"is_spot","type":"boolean","description":"Indicates whether the instance is a spot instance, or not.","operators":[]},{"name":"key_pair_name","type":"text","description":"The name of the SSH key pair for the instance.","operators":[]},{"name":"last_invoked_time","type":"timestamp with time zone","description":"The time when the instance is last invoked.","operators":[]},{"name":"local_storage_amount","type":"bigint","description":"The number of local disks attached to the instance.","operators":[]},{"name":"local_storage_capacity","type":"bigint","description":"The capacity of local disks attached to the instance.","operators":[]},{"name":"memory","type":"bigint","description":"The memory size of the instance (in MiB).","operators":[]},{"name":"metadata_options","type":"jsonb","description":"The collection of metadata options.","operators":[]},{"name":"name","type":"text","description":"The name of the instance.","operators":["="]},{"name":"network_interfaces","type":"jsonb","description":"Details about the ENIs bound to the instance.","operators":[]},{"name":"network_type","type":"text","description":"The type of the network.","operators":[]},{"name":"operation_locks","type":"jsonb","description":"Details about the reasons why the instance was locked.","operators":[]},{"name":"os_name","type":"text","description":"The name of the operating system for the instance.","operators":[]},{"name":"os_name_en","type":"text","description":"The English name of the operating system for the instance.","operators":[]},{"name":"os_type","type":"text","description":"The type of the operating system. Possible values are: windows and linux.","operators":[]},{"name":"os_version","type":"text","description":"The version of the operating system.","operators":[]},{"name":"private_ip_address","type":"jsonb","description":"The private IP addresses of instances.","operators":[]},{"name":"public_ip_address","type":"jsonb","description":"The public IP addresses of instances.","operators":[]},{"name":"ram_role","type":"jsonb","description":"RAM role attached to the instance.","operators":[]},{"name":"rdma_ip_address","type":"jsonb","description":"The RDMA IP address of HPC instance.","operators":[]},{"name":"recyclable","type":"boolean","description":"Indicates whether the instance can be recycled.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"registration_time","type":"timestamp with time zone","description":"The time when the instance is registered.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the instance belongs.","operators":["="]},{"name":"sale_cycle","type":"text","description":"The billing cycle of the instance.","operators":[]},{"name":"security_group_ids","type":"jsonb","description":"The IDs of security groups to which the instance belongs.","operators":[]},{"name":"serial_number","type":"text","description":"The serial number of the instance.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"spot_duration","type":"bigint","description":"The protection period of the preemptible instance (in hours).","operators":[]},{"name":"spot_price_limit","type":"double precision","description":"The maximum hourly price for the instance.","operators":[]},{"name":"spot_strategy","type":"text","description":"The preemption policy for the pay-as-you-go instance.","operators":[]},{"name":"start_time","type":"timestamp with time zone","description":"The start time of the bidding mode for the preemptible instance.","operators":[]},{"name":"status","type":"text","description":"The status of the instance. Possible values are: Pending, Running, Starting, Stopping, and Stopped","operators":["="]},{"name":"stopped_mode","type":"text","description":"Indicates whether the instance continues to be billed after it is stopped.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vlan_id","type":"text","description":"The VLAN ID of the instance.","operators":[]},{"name":"vpc_attributes","type":"jsonb","description":"The VPC attributes of the instance.","operators":[]},{"name":"vpc_id","type":"text","description":"The type of the instance.","operators":["="]},{"name":"zone","type":"text","description":"The zone in which the instance resides.","operators":["="]}],"description":"Alicloud Elastic Compute Instance","queriesCount":1,"examplesCount":8,"readme":"$2a"},{"name":"alicloud_ecs_instance_metric_cpu_utilization_daily","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Instance Cloud Monitor Metrics - CPU Utilization (Daily)","queriesCount":0,"examplesCount":1,"readme":"$2b"},{"name":"alicloud_ecs_instance_metric_cpu_utilization_hourly","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud ECS Instance Cloud Monitor Metrics - CPU Utilization (Hourly)","queriesCount":0,"examplesCount":1,"readme":"$2c"},{"name":"alicloud_ecs_key_pair","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the key pair was created.","operators":[]},{"name":"key_pair_finger_print","type":"text","description":"The fingerprint of the key pair.","operators":[]},{"name":"name","type":"text","description":"The name of the key pair.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the key pair belongs.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"An SSH key pair is a secure and convenient authentication method provided by Alibaba Cloud for instance logon. An SSH key pair consists of a public key and a private key. You can use SSH key pairs to log on to only Linux instances.","queriesCount":0,"examplesCount":1,"readme":"$2d"},{"name":"alicloud_ecs_launch_template","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the launch template was created.","operators":[]},{"name":"created_by","type":"text","description":"Specifies the creator of the launch template.","operators":[]},{"name":"default_version_number","type":"bigint","description":"The default version number of the launch template.","operators":[]},{"name":"latest_version_details","type":"jsonb","description":"Describes the configuration of latest launch template version.","operators":[]},{"name":"latest_version_number","type":"bigint","description":"The latest version number of the launch template.","operators":[]},{"name":"launch_template_id","type":"text","description":"An unique identifier for the resource.","operators":["="]},{"name":"modified_time","type":"timestamp with time zone","description":"The time when the launch template was modified.","operators":[]},{"name":"name","type":"text","description":"A friendly name for the resource.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the launch template belongs.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud ECS Launch Template","queriesCount":0,"examplesCount":2,"readme":"$2e"},{"name":"alicloud_ecs_network_interface","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"associated_public_ip_address","type":"inet","description":"The public IP address of the instance.","operators":[]},{"name":"associated_public_ip_allocation_id","type":"text","description":"The allocation ID of the EIP.","operators":[]},{"name":"attachment","type":"jsonb","description":"Attachments of the ENI","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the ENI was created.","operators":[]},{"name":"description","type":"text","description":"The description of the ENI.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance to which the ENI is bound.","operators":[]},{"name":"ipv6_sets","type":"jsonb","description":"The IPv6 addresses assigned to the ENI.","operators":[]},{"name":"mac_address","type":"text","description":"The MAC address of the ENI.","operators":[]},{"name":"name","type":"text","description":"The name of the ENI.","operators":[]},{"name":"network_interface_id","type":"text","description":"An unique identifier for the ENI.","operators":["="]},{"name":"owner_id","type":"text","description":"The ID of the account that owns the ENI.","operators":[]},{"name":"private_ip_address","type":"inet","description":"The private IP address of the ENI.","operators":[]},{"name":"private_ip_sets","type":"jsonb","description":"The private IP addresses of the ENI.","operators":[]},{"name":"queue_number","type":"bigint","description":"The number of queues supported by the ENI.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the ENI belongs.","operators":[]},{"name":"security_group_ids","type":"jsonb","description":"The IDs of the security groups to which the ENI belongs.","operators":[]},{"name":"service_id","type":"text","description":"The ID of the distributor to which the ENI belongs.","operators":[]},{"name":"service_managed","type":"boolean","description":"Indicates whether the user is an Alibaba Cloud service or a distributor.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the ENI.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"type","type":"text","description":"The type of the ENI. Valid values: 'Primary' and 'Secondary'","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC to which the ENI belongs.","operators":[]},{"name":"vswitch_id","type":"text","description":"The ID of the VSwitch to which the ENI is connected.","operators":[]},{"name":"zone_id","type":"text","description":"The zone ID of the ENI.","operators":[]}],"description":"Alicloud ECS Network Interface.","queriesCount":0,"examplesCount":5,"readme":"$2f"},{"name":"alicloud_ecs_region","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"local_name","type":"text","description":"The local name of the region.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"region_endpoint","type":"text","description":"The endpoint of the region.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"Indicates whether the cluster is sold out.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Elastic Compute Region","queriesCount":0,"examplesCount":1,"readme":"$30"},{"name":"alicloud_ecs_security_group","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the ECS security group.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the security group was created.","operators":[]},{"name":"description","type":"text","description":"The description of the security group.","operators":[]},{"name":"inner_access_policy","type":"text","description":"The description of the security group.","operators":[]},{"name":"name","type":"text","description":"The name of the security group.","operators":[]},{"name":"permissions","type":"jsonb","description":"Details about the security group rules.","operators":[]},{"name":"region","type":"text","description":"The name of the region where the resource belongs.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the security group belongs.","operators":[]},{"name":"security_group_id","type":"text","description":"The ID of the security group.","operators":["="]},{"name":"service_id","type":"bigint","description":"The ID of the distributor to which the security group belongs.","operators":[]},{"name":"service_managed","type":"boolean","description":"Indicates whether the user is an Alibaba Cloud service or a distributor.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the security group.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"type","type":"text","description":"The type of the security group. Possible values are: normal, and enterprise.","operators":[]},{"name":"vpc_id","type":"text","description":"he ID of the VPC to which the security group belongs.","operators":[]}],"description":"ECS Security Group","queriesCount":3,"examplesCount":6,"readme":"$31"},{"name":"alicloud_ecs_snapshot","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the snapshot.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the snapshot was created.","operators":[]},{"name":"description","type":"text","description":"A user provided, human readable description for this resource.","operators":[]},{"name":"encrypted","type":"boolean","description":"Indicates whether the snapshot was encrypted.","operators":[]},{"name":"instant_access","type":"boolean","description":"Indicates whether the instant access feature is enabled.","operators":[]},{"name":"instant_access_retention_days","type":"bigint","description":"Indicates the retention period of the instant access feature. After the retention per iod ends, the snapshot is automatically released.","operators":[]},{"name":"kms_key_id","type":"text","description":"The ID of the KMS key used by the data disk.","operators":[]},{"name":"last_modified_time","type":"timestamp with time zone","description":"The time when the snapshot was last changed.","operators":[]},{"name":"name","type":"text","description":"A friendly name for the resource.","operators":["="]},{"name":"product_code","type":"text","description":"The product code of the Alibaba Cloud Marketplace image.","operators":[]},{"name":"progress","type":"text","description":"The progress of the snapshot creation task. Unit: percent (%).","operators":[]},{"name":"region","type":"text","description":"The region ID where the resource is located.","operators":[]},{"name":"remain_time","type":"bigint","description":"The remaining time required to create the snapshot (in seconds).","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the snapshot belongs.","operators":[]},{"name":"retention_days","type":"bigint","description":"The number of days that an automatic snapshot can be retained.","operators":[]},{"name":"serial_number","type":"text","description":"The serial number of the snapshot.","operators":[]},{"name":"snapshot_id","type":"text","description":"An unique identifier for the resource.","operators":[]},{"name":"source_disk_id","type":"text","description":"The ID of the source disk. This parameter is retained even after the source disk of the snapshot is released.","operators":[]},{"name":"source_disk_size","type":"text","description":"The capacity of the source disk (in GiB).","operators":[]},{"name":"source_disk_type","type":"text","description":"The category of the source disk.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"Specifies the current state of the resource.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"type","type":"text","description":"The type of the snapshot. Default value: all. Possible values are: auto, user, and all.","operators":[]},{"name":"usage","type":"text","description":"Indicates whether the snapshot has been used to create images or disks.","operators":[]}],"description":"ECS Disk Snapshot.","queriesCount":0,"examplesCount":5,"readme":"$32"},{"name":"alicloud_ecs_zone","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"available_dedicated_host_types","type":"jsonb","description":"The supported types of dedicated hosts. The data type of this parameter is List.","operators":[]},{"name":"available_disk_categories","type":"jsonb","description":"The supported disk categories. The data type of this parameter is List.","operators":[]},{"name":"available_instance_types","type":"jsonb","description":"The instance types of instances that can be created. The data type of this parameter is List.","operators":[]},{"name":"available_resource_creation","type":"jsonb","description":"The types of the resources that can be created. The data type of this parameter is List.","operators":[]},{"name":"available_resources","type":"jsonb","description":"An array consisting of ResourcesInfo data.","operators":[]},{"name":"available_volume_categories","type":"jsonb","description":"The categories of available shared storage. The data type of this parameter is List.","operators":[]},{"name":"dedicated_host_generations","type":"jsonb","description":"The generation numbers of dedicated hosts. The data type of this parameter is List.","operators":[]},{"name":"local_name","type":"text","description":"The name of the zone in the local language.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"zone_id","type":"text","description":"The zone ID.","operators":[]}],"description":"Elastic Compute Zone","queriesCount":0,"examplesCount":1,"readme":"$33"},{"name":"alicloud_kms_key","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the CMK.","operators":[]},{"name":"automatic_rotation","type":"text","description":"Indicates whether automatic key rotation is enabled.","operators":[]},{"name":"creation_date","type":"timestamp with time zone","description":"The date and time the CMK was created.","operators":[]},{"name":"creator","type":"text","description":"The creator of the CMK.","operators":[]},{"name":"delete_date","type":"timestamp with time zone","description":"The date and time the CMK is scheduled for deletion.","operators":[]},{"name":"deletion_protection","type":"text","description":"Indicates whether deletion protection is enabled.","operators":[]},{"name":"description","type":"text","description":"The description of the CMK.","operators":[]},{"name":"key_aliases","type":"jsonb","description":"A list of aliases bound to a CMK.","operators":[]},{"name":"key_id","type":"text","description":"The globally unique ID of the CMK.","operators":["="]},{"name":"key_spec","type":"text","description":"The type of the CMK.","operators":["="]},{"name":"key_state","type":"text","description":"The status of the CMK.","operators":["="]},{"name":"key_usage","type":"text","description":"The purpose of the CMK.","operators":["="]},{"name":"last_rotation_date","type":"timestamp with time zone","description":"The date and time the last rotation was performed.","operators":[]},{"name":"material_expire_time","type":"timestamp with time zone","description":"The time and date the key material for the CMK expires.","operators":[]},{"name":"origin","type":"text","description":"The source of the key material for the CMK.","operators":[]},{"name":"primary_key_version","type":"text","description":"The ID of the current primary key version of the symmetric CMK.","operators":[]},{"name":"protection_level","type":"text","description":"The protection level of the CMK.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":["="]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags assigned to the key.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud KMS Key","queriesCount":2,"examplesCount":4,"readme":"$34"},{"name":"alicloud_kms_secret","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN).","operators":[]},{"name":"automatic_rotation","type":"text","description":"Specifies whether automatic key rotation is enabled.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the KMS Secret was created.","operators":[]},{"name":"description","type":"text","description":"The description of the secret.","operators":[]},{"name":"encryption_key_id","type":"text","description":"The ID of the KMS customer master key (CMK) that is used to encrypt the secret value.","operators":[]},{"name":"extended_config","type":"jsonb","description":"The extended configuration of Secret.","operators":[]},{"name":"last_rotation_date","type":"timestamp with time zone","description":"Date of last rotation of Secret.","operators":[]},{"name":"name","type":"text","description":"The name of the secret.","operators":["="]},{"name":"next_rotation_date","type":"timestamp with time zone","description":"The date of next rotation of Secret.","operators":[]},{"name":"planned_delete_time","type":"timestamp with time zone","description":"The time when the KMS Secret is planned to delete.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":["="]},{"name":"rotation_interval","type":"text","description":"The rotation perion of Secret.","operators":[]},{"name":"secret_type","type":"text","description":"The type of the secret.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"update_time","type":"timestamp with time zone","description":"The time when the KMS Secret was modifies.","operators":[]},{"name":"version_ids","type":"jsonb","description":"The list of secret versions.","operators":[]}],"description":"Alicloud KMS Secret","queriesCount":0,"examplesCount":4,"readme":"$35"},{"name":"alicloud_oss_bucket","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"acl","type":"text","description":"The access control list setting for bucket. Valid values: public-read-write, public-read, and private. public-read-write: Any users, including anonymous users can read and write objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read-write. public-read: Only the owner or authorized users of this bucket can write objects in the bucket. Other users, including anonymous users can only read objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read. private: Only the owner or authorized users of this bucket can read and write objects in the bucket. Other users, including anonymous users cannot access the objects in the bucket without authorization.","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the OSS bucket.","operators":[]},{"name":"creation_date","type":"timestamp with time zone","description":"Date when the bucket was created.","operators":[]},{"name":"lifecycle_rules","type":"jsonb","description":"A list of lifecycle rules for a bucket.","operators":[]},{"name":"location","type":"text","description":"Location of the Bucket.","operators":[]},{"name":"logging","type":"jsonb","description":"Indicates the container used to store access logging configuration of a bucket.","operators":[]},{"name":"name","type":"text","description":"Name of the Bucket.","operators":[]},{"name":"policy","type":"jsonb","description":"Allows you to grant permissions on OSS resources to RAM users from your Alibaba Cloud and other Alibaba Cloud accounts. You can also control access based on the request source.","operators":[]},{"name":"redundancy_type","type":"text","description":"The type of disaster recovery for a bucket. Valid values: LRS and ZRS","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"server_side_encryption","type":"jsonb","description":"The server-side encryption configuration for bucket","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"storage_class","type":"text","description":"The storage class of objects in the bucket.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags assigned to bucket","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"versioning","type":"text","description":"The status of versioning for the bucket. Valid values: Enabled and Suspended.","operators":[]}],"description":"Object Storage Bucket","queriesCount":6,"examplesCount":7,"readme":"$36"},{"name":"alicloud_ram_access_key","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"access_key_id","type":"text","description":"The AccessKey ID.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"create_date","type":"timestamp with time zone","description":"The time when the AccessKey pair was created.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the AccessKey pair. Valid values: Active and Inactive.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"user_name","type":"text","description":"Name of the User that the access key belongs to.","operators":[]}],"description":"Alibaba Cloud RAM User Access Key.","queriesCount":1,"examplesCount":4,"readme":"$37"},{"name":"alicloud_ram_credential_report","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"access_key_1_active","type":"boolean","description":"Indicates whether the user access key is active, or not.","operators":[]},{"name":"access_key_1_exist","type":"boolean","description":"Indicates whether the user have access key, or not.","operators":[]},{"name":"access_key_1_last_rotated","type":"timestamp with time zone","description":"Specifies the time when the access key has been rotated.","operators":[]},{"name":"access_key_1_last_used","type":"timestamp with time zone","description":"Specifies the time when the access key was most recently used to sign an Alicloud API request.","operators":[]},{"name":"access_key_2_active","type":"boolean","description":"Indicates whether the user access key is active, or not.","operators":[]},{"name":"access_key_2_exist","type":"boolean","description":"Indicates whether the user have access key, or not.","operators":[]},{"name":"access_key_2_last_rotated","type":"timestamp with time zone","description":"Specifies the time when the access key has been rotated.","operators":[]},{"name":"access_key_2_last_used","type":"timestamp with time zone","description":"Specifies the time when the access key was most recently used to sign an Alicloud API request.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"additional_access_key_1_active","type":"boolean","description":"Indicates whether the user access key is active, or not.","operators":[]},{"name":"additional_access_key_1_exist","type":"boolean","description":"Indicates whether the user have access key, or not.","operators":[]},{"name":"additional_access_key_1_last_rotated","type":"timestamp with time zone","description":"Specifies the time when the access key has been rotated.","operators":[]},{"name":"additional_access_key_1_last_used","type":"timestamp with time zone","description":"Specifies the time when the access key was most recently used to sign an Alicloud API request.","operators":[]},{"name":"additional_access_key_2_active","type":"boolean","description":"Indicates whether the user access key is active, or not.","operators":[]},{"name":"additional_access_key_2_exist","type":"boolean","description":"Indicates whether the user have access key, or not.","operators":[]},{"name":"additional_access_key_2_last_rotated","type":"timestamp with time zone","description":"Specifies the time when the access key has been rotated.","operators":[]},{"name":"additional_access_key_2_last_used","type":"timestamp with time zone","description":"Specifies the time when the access key was most recently used to sign an Alicloud API request.","operators":[]},{"name":"additional_access_key_3_active","type":"boolean","description":"Indicates whether the user access key is active, or not.","operators":[]},{"name":"additional_access_key_3_exist","type":"boolean","description":"Indicates whether the user have access key, or not.","operators":[]},{"name":"additional_access_key_3_last_rotated","type":"timestamp with time zone","description":"Specifies the time when the access key has been rotated.","operators":[]},{"name":"additional_access_key_3_last_used","type":"timestamp with time zone","description":"Specifies the time when the access key was most recently used to sign an Alicloud API request.","operators":[]},{"name":"generated_time","type":"timestamp with time zone","description":"Specifies the time when the credential report has been generated.","operators":[]},{"name":"mfa_active","type":"boolean","description":"Indicates whether multi-factor authentication (MFA) device has been enabled for the user.","operators":[]},{"name":"password_active","type":"boolean","description":"Indicates whether the password is active, or not.","operators":[]},{"name":"password_exist","type":"boolean","description":"Indicates whether the user have any password for logging in, or not.","operators":[]},{"name":"password_last_changed","type":"timestamp with time zone","description":"Specifies the time when the password has been updated.","operators":[]},{"name":"password_next_rotation","type":"timestamp with time zone","description":"Specifies the time when the password will be rotated.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"user_creation_time","type":"timestamp with time zone","description":"Specifies the time when the user is created.","operators":[]},{"name":"user_last_logon","type":"timestamp with time zone","description":"Specifies the time when the user last logged in to the console.","operators":[]},{"name":"user_name","type":"text","description":"The email of the RAM user.","operators":[]}],"description":"Alicloud RAM Credential Report","queriesCount":4,"examplesCount":6,"readme":"$38"},{"name":"alicloud_ram_group","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the RAM user group.","operators":[]},{"name":"attached_policy","type":"jsonb","description":"A list of policies attached to a RAM user group.","operators":[]},{"name":"comments","type":"text","description":"The description of the RAM user group.","operators":[]},{"name":"create_date","type":"timestamp with time zone","description":"The time when the RAM user group was created.","operators":[]},{"name":"name","type":"text","description":"The name of the RAM user group.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"update_date","type":"timestamp with time zone","description":"The time when the RAM user group was modified.","operators":[]},{"name":"users","type":"jsonb","description":"A list of users in the group.","operators":[]}],"description":"Resource Access Management groups who can login via the console or access keys.","queriesCount":0,"examplesCount":3,"readme":"$39"},{"name":"alicloud_ram_password_policy","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"hard_expiry","type":"boolean","description":"Indicates whether the password has expired.","operators":[]},{"name":"max_login_attempts","type":"bigint","description":"The maximum number of permitted logon attempts within one hour. The number of logon attempts is reset to zero if a RAM user changes the password.","operators":[]},{"name":"max_password_age","type":"bigint","description":"The number of days for which a password is valid. Default value: 0. The default value indicates that the password never expires.","operators":[]},{"name":"minimum_password_length","type":"bigint","description":"The minimum required number of characters in a password.","operators":[]},{"name":"password_reuse_prevention","type":"bigint","description":"The number of previous passwords that the user is prevented from reusing. Default value: 0. The default value indicates that the RAM user is not prevented from reusing previous passwords.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"require_lowercase_characters","type":"boolean","description":"Indicates whether a password must contain one or more lowercase letters.","operators":[]},{"name":"require_numbers","type":"boolean","description":"Indicates whether a password must contain one or more digits.","operators":[]},{"name":"require_symbols","type":"boolean","description":"Indicates whether a password must contain one or more special characters.","operators":[]},{"name":"require_uppercase_characters","type":"boolean","description":"Indicates whether a password must contain one or more uppercase letters.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]}],"description":"Alibaba Cloud RAM Password Policy","queriesCount":8,"examplesCount":5,"readme":"$3a"},{"name":"alicloud_ram_policy","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"attachment_count","type":"bigint","description":"The number of references to the policy.","operators":[]},{"name":"create_date","type":"timestamp with time zone","description":"Policy creation date","operators":[]},{"name":"default_version","type":"text","description":"Deafult version of the policy","operators":[]},{"name":"description","type":"text","description":"The policy description","operators":[]},{"name":"policy_document","type":"jsonb","description":"Contains the details about the policy.","operators":[]},{"name":"policy_document_std","type":"jsonb","description":"Contains the policy document in a canonical form for easier searching.","operators":[]},{"name":"policy_name","type":"text","description":"The name of the policy.","operators":["="]},{"name":"policy_type","type":"text","description":"The type of the policy. Valid values: System and Custom.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"update_date","type":"timestamp with time zone","description":"Last time when policy got updated ","operators":[]}],"description":"Alibaba Cloud RAM Policy","queriesCount":0,"examplesCount":3,"readme":"$3b"},{"name":"alicloud_ram_role","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the RAM role.","operators":[]},{"name":"assume_role_policy_document","type":"jsonb","description":"The content of the policy that specifies one or more entities entrusted to assume the RAM role.","operators":[]},{"name":"assume_role_policy_document_std","type":"jsonb","description":"The standard content of the policy that specifies one or more entities entrusted to assume the RAM role.","operators":[]},{"name":"attached_policy","type":"jsonb","description":"A list of policies attached to a RAM role.","operators":[]},{"name":"create_date","type":"timestamp with time zone","description":"The time when the RAM role was created.","operators":[]},{"name":"description","type":"text","description":"The description of the RAM role.","operators":[]},{"name":"max_session_duration","type":"bigint","description":"The maximum session duration of the RAM role.","operators":[]},{"name":"name","type":"text","description":"The name of the RAM role.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"role_id","type":"text","description":"The ID of the RAM role.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"update_date","type":"timestamp with time zone","description":"The time when the RAM role was modified.","operators":[]}],"description":"Resource Access Management roles who can login via the console or access keys.","queriesCount":0,"examplesCount":3,"readme":"$3c"},{"name":"alicloud_ram_security_preference","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"allow_user_to_change_password","type":"boolean","description":"Indicates whether RAM users can change their passwords.","operators":[]},{"name":"allow_user_to_manage_access_keys","type":"boolean","description":"Indicates whether RAM users can manage their AccessKey pairs.","operators":[]},{"name":"allow_user_to_manage_mfa_devices","type":"boolean","description":"Indicates whether RAM users can manage their MFA devices.","operators":[]},{"name":"allow_user_to_manage_public_keys","type":"boolean","description":"Indicates whether RAM users can manage their public keys.","operators":[]},{"name":"enable_save_mfa_ticket","type":"boolean","description":"Indicates whether RAM users can save security codes for multi-factor authentication (MFA) during logon. Each security code is valid for seven days.","operators":[]},{"name":"login_network_masks","type":"jsonb","description":"The subnet mask that indicates the IP addresses from which logon to the Alibaba Cloud Management Console is allowed. This parameter applies to password-based logon and single sign-on (SSO). However, this parameter does not apply to API calls that are authenticated based on AccessKey pairs. May be more than one CIDR range. If empty then login is allowed from any source.","operators":[]},{"name":"login_session_duration","type":"bigint","description":"The validity period of a logon session of a RAM user. Unit: hours.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]}],"description":"Alibaba Cloud RAM Security Preference","queriesCount":0,"examplesCount":4,"readme":"$3d"},{"name":"alicloud_ram_user","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the RAM user.","operators":[]},{"name":"attached_policy","type":"jsonb","description":"A list of policies attached to a RAM user.","operators":[]},{"name":"comments","type":"text","description":"The description of the RAM user.","operators":[]},{"name":"create_date","type":"timestamp with time zone","description":"The time when the RAM user was created.","operators":[]},{"name":"cs_user_permissions","type":"jsonb","description":"User permissions for Container Service Kubernetes clusters.","operators":[]},{"name":"display_name","type":"text","description":"The display name of the RAM user.","operators":[]},{"name":"email","type":"text","description":"The email address of the RAM user.","operators":[]},{"name":"groups","type":"jsonb","description":"A list of groups attached to the user.","operators":[]},{"name":"last_login_date","type":"timestamp with time zone","description":"The time when the RAM user last logged on to the console by using the password.","operators":[]},{"name":"mfa_device_serial_number","type":"text","description":"The serial number of the MFA device.","operators":[]},{"name":"mfa_enabled","type":"boolean","description":"The MFA status of the user","operators":[]},{"name":"mobile_phone","type":"text","description":"The mobile phone number of the RAM user.","operators":[]},{"name":"name","type":"text","description":"The username of the RAM user.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"update_date","type":"timestamp with time zone","description":"The time when the RAM user was modified.","operators":[]},{"name":"user_id","type":"text","description":"The unique ID of the RAM user.","operators":[]},{"name":"virtual_mfa_devices","type":"jsonb","description":"The list of MFA devices.","operators":[]}],"description":"Resource Access Management users who can login via the console or access keys.","queriesCount":2,"examplesCount":7,"readme":"$3e"},{"name":"alicloud_rds_backup","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"backup_db_names","type":"text","description":"The name of the database that has been backed up.","operators":[]},{"name":"backup_download_url","type":"text","description":"The internet download URL of the backup set. If the download URL is unavailable, this parameter is an empty string.","operators":[]},{"name":"backup_end_time","type":"timestamp with time zone","description":"The end of the backup time range. The time is in the yyyy-MM-ddTHH:mm:ssZ format and displayed in UTC.","operators":["="]},{"name":"backup_extraction_status","type":"text","description":"The backup extraction status.","operators":[]},{"name":"backup_id","type":"text","description":"The ID of the backup set.","operators":["="]},{"name":"backup_initiator","type":"text","description":"The initiator of the backup task.","operators":[]},{"name":"backup_intranet_download_url","type":"text","description":"The internal download URL of the backup set.","operators":[]},{"name":"backup_location","type":"text","description":"The location where backup is available.","operators":["="]},{"name":"backup_method","type":"text","description":"The backup method. Valid values: Snapshot, Physical and Logical.","operators":[]},{"name":"backup_mode","type":"text","description":"The backup mode.","operators":["="]},{"name":"backup_size","type":"bigint","description":"The size of the backup set. Unit: bytes.","operators":[]},{"name":"backup_start_time","type":"timestamp with time zone","description":"The beginning of the backup time range. The time is in the yyyy-MM-ddTHH:mm:ssZ format and displayed in UTC.","operators":["="]},{"name":"backup_status","type":"text","description":"The status of the backup. Valid values: Success, Failed.","operators":["="]},{"name":"backup_type","type":"text","description":"The backup type.","operators":[]},{"name":"consistent_time","type":"timestamp with time zone","description":"The point in time at which the data in the data backup is consistent. ","operators":[]},{"name":"copy_only_backup","type":"text","description":"The backup mode of the data backup. Valid values: 0, 1.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":["="]},{"name":"encryption","type":"text","description":"The encryption information of the data backup.","operators":[]},{"name":"host_instance_id","type":"text","description":"The number of the instance that generates the data backup. This parameter is used to indicate whether the instance that generates the data backup file is a primary instance or a secondary instance.","operators":[]},{"name":"is_avail","type":"text","description":"Indicates whether the data backup is available. Valid values: 0, 1.","operators":[]},{"name":"meta_status","type":"text","description":"The status of the data backup file that is used to restore individual databases or tables.","operators":[]},{"name":"slave_status","type":"text","description":"The slave status of the backup.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"storage_class","type":"text","description":"The storage class of the data backup. Valid values: 0(regular storage), 1 (archive storage).","operators":[]},{"name":"store_status","type":"text","description":"Indicates whether the data backup can be deleted. Valid values: Enabled, Disabled.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"total_backup_size","type":"text","description":"The total backup size.","operators":[]}],"description":"ApsaraDB RDS Backup is a policy expression that defines when and how you want to back up your DB Instances.","queriesCount":0,"examplesCount":5,"readme":"$3f"},{"name":"alicloud_rds_database","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"accounts","type":"jsonb","description":"An array that consists of the details of the accounts. Each account has specific permissions on the database.","operators":[]},{"name":"character_set_name","type":"text","description":"The name of the character set.","operators":[]},{"name":"db_description","type":"text","description":"The description of the database.","operators":[]},{"name":"db_instance_id","type":"text","description":"The unique ID of the instance.","operators":["="]},{"name":"db_name","type":"text","description":"The name of the database.","operators":["="]},{"name":"db_status","type":"text","description":"The status of the database. Valid values: Creating, Running and Deleting.","operators":["="]},{"name":"engine","type":"text","description":"The database engine of the instance to which the database belongs.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tde_status","type":"text","description":"The TDE status of the database.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alibaba Cloud ApsaraDB for RDS (Relational Database Service) is a stable and reliable online database service that scales elastically.","queriesCount":0,"examplesCount":4,"readme":"$40"},{"name":"alicloud_rds_instance","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"account_max_quantity","type":"bigint","description":"The maximum number of accounts that can be created on the instance.","operators":[]},{"name":"account_type","type":"text","description":"","operators":[]},{"name":"advanced_features","type":"text","description":"An array that consists of advanced features. The advanced features are separated by commas (,). This parameter is supported only for instances that run SQL Server.","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the RDS instance.","operators":[]},{"name":"auto_upgrade_minor_version","type":"text","description":"The method that is used to update the minor engine version of the instance.","operators":[]},{"name":"availability_value","type":"text","description":"The availability status of the instance. Unit: %.","operators":[]},{"name":"category","type":"text","description":"The RDS edition of the instance.","operators":[]},{"name":"collation","type":"text","description":"The character set collation of the instance.","operators":[]},{"name":"connection_mode","type":"text","description":"The connection mode of the instances.","operators":[]},{"name":"connection_string","type":"text","description":"The internal endpoint of the instance.","operators":[]},{"name":"console_version","type":"text","description":"The type of proxy that is enabled on the instance.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The creation time of the Instance.","operators":[]},{"name":"db_instance_class","type":"text","description":"The instance type of the instances.","operators":[]},{"name":"db_instance_cpu","type":"text","description":"The number of CPUs that are configured for the instance.","operators":[]},{"name":"db_instance_description","type":"text","description":"The description of the DB Instance.","operators":[]},{"name":"db_instance_disk_used","type":"text","description":"","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":["="]},{"name":"db_instance_memory","type":"double precision","description":"The memory capacity of the instance. Unit: MB.","operators":[]},{"name":"db_instance_net_type","type":"text","description":"The ID of the resource group to which the VPC belongs.","operators":[]},{"name":"db_instance_status","type":"text","description":"The status of the instances","operators":[]},{"name":"db_instance_storage","type":"bigint","description":"The type of storage media that is used by the instance.","operators":[]},{"name":"db_instance_storage_type","type":"text","description":"The type of storage media that is used by the instance.","operators":[]},{"name":"db_instance_type","type":"text","description":"The role of the instances.","operators":[]},{"name":"db_max_quantity","type":"bigint","description":"The maximum number of databases that can be created on the instance.","operators":[]},{"name":"dedicated_host_group_id","type":"text","description":"The ID of the dedicated cluster to which the instances belong if the instances are created in a dedicated cluster.","operators":[]},{"name":"dispense_mode","type":"text","description":"","operators":[]},{"name":"encryption_key","type":"text","description":"The custom encryption key for the instance.","operators":[]},{"name":"engine","type":"text","description":"The database engine that the instances run.","operators":[]},{"name":"engine_version","type":"text","description":"The version of the database engine that the instances run.","operators":[]},{"name":"expire_time","type":"timestamp with time zone","description":"Instance expire time","operators":[]},{"name":"guard_db_instance_id","type":"text","description":"The ID of the disaster recovery instance that is attached to the instance if a disaster recovery instance is deployed.","operators":[]},{"name":"increment_source_db_instance_id","type":"text","description":"The ID of the instance from which incremental data comes. The incremental data of a disaster recovery or read-only instance comes from its primary instance. If this parameter is not returned, the instance is a primary instance.","operators":[]},{"name":"ins_id","type":"bigint","description":"","operators":[]},{"name":"instance_network_type","type":"text","description":"The network type of the instances.","operators":[]},{"name":"ip_type","type":"text","description":"","operators":[]},{"name":"latest_kernel_version","type":"text","description":"","operators":[]},{"name":"lock_mode","type":"text","description":"The lock mode of the instance.","operators":[]},{"name":"lock_reason","type":"text","description":"The reason why the instance is locked.","operators":[]},{"name":"maintain_time","type":"text","description":"The maintenance window of the instance. The maintenance window is displayed in UTC+8 in the ApsaraDB RDS console.","operators":[]},{"name":"master_instance_id","type":"text","description":"The ID of the primary instance to which the instance is attached. If this parameter is not returned, the instance is a primary instance.","operators":[]},{"name":"max_connections","type":"bigint","description":"The maximum number of concurrent connections that are allowed by the instance.","operators":[]},{"name":"max_iops","type":"bigint","description":"The maximum number of I/O requests that the instance can process per second.","operators":[]},{"name":"multiple_temp_upgrade","type":"boolean","description":"","operators":[]},{"name":"origin_configuration","type":"text","description":"","operators":[]},{"name":"parameters","type":"jsonb","description":"The list of running parameters for the instance.","operators":[]},{"name":"pay_type","type":"text","description":"The billing method of the instances.","operators":[]},{"name":"port","type":"text","description":"The internal port of the instance.","operators":[]},{"name":"proxy_type","type":"bigint","description":"The type of proxy that is enabled on the instance.","operators":[]},{"name":"readonly_db_instance_ids","type":"jsonb","description":"An array that consists of the IDs of the read-only instances attached to the primary instance.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"region_id","type":"text","description":"The ID of the region to which the instances belong.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the instances belong.","operators":[]},{"name":"security_group_configuration","type":"jsonb","description":"ECS security groups that are bound to an ApsaraDB for the instance.","operators":[]},{"name":"security_ip_mode","type":"text","description":"The network isolation mode of the instance.","operators":[]},{"name":"security_ips","type":"jsonb","description":"An array that consists of IP addresses in the IP address whitelist.","operators":[]},{"name":"security_ips_src","type":"jsonb","description":"An array that consists of IP details.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"sql_collector_policy","type":"jsonb","description":"The status of the SQL Explorer (SQL Audit) feature.","operators":[]},{"name":"sql_collector_retention","type":"bigint","description":"The log backup retention duration that is allowed by the SQL explorer feature on the instance.","operators":[]},{"name":"ssl_status","type":"text","description":"The SSL encryption status of the Instance","operators":[]},{"name":"super_permission_mode","type":"text","description":"Indicates whether the instance supports superuser accounts, such as the system administrator (SA) account, Active Directory (AD) account, and host account.","operators":[]},{"name":"support_create_super_account","type":"text","description":"","operators":[]},{"name":"support_upgrade_account_type","type":"text","description":"","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tde_status","type":"text","description":"The TDE status at the instance level. Valid values: Enable | Disable.","operators":[]},{"name":"temp_db_instance_id","type":"text","description":"The ID of the temporary instance that is attached to the instance if a temporary instance is deployed.","operators":[]},{"name":"temp_upgrade_recovery_class","type":"text","description":"","operators":[]},{"name":"temp_upgrade_recovery_cpu","type":"bigint","description":"","operators":[]},{"name":"temp_upgrade_recovery_max_connections","type":"text","description":"","operators":[]},{"name":"temp_upgrade_recovery_max_iops","type":"text","description":"","operators":[]},{"name":"temp_upgrade_recovery_memory","type":"bigint","description":"","operators":[]},{"name":"temp_upgrade_recovery_time","type":"text","description":"","operators":[]},{"name":"temp_upgrade_time_end","type":"text","description":"","operators":[]},{"name":"temp_upgrade_time_start","type":"text","description":"","operators":[]},{"name":"time_zone","type":"text","description":"The time zone of the instance.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_cloud_instance_id","type":"text","description":"The ID of the cloud instance on which the specified VPC is deployed.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC to which the instances belong.","operators":[]},{"name":"vswitch_id","type":"text","description":"The ID of the vSwitch associated with the specified VPC.","operators":[]},{"name":"zone_id","type":"text","description":"The ID of the zone to which the instances belong.","operators":[]}],"description":"Provides an RDS instance resource. A DB instance is an isolated database environment in the cloud. A DB instance can contain multiple user-created databases.","queriesCount":8,"examplesCount":8,"readme":"$41"},{"name":"alicloud_rds_instance_metric_connections","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud RDS Instance Cloud Monitor Metrics - Connections","queriesCount":0,"examplesCount":1,"readme":"$42"},{"name":"alicloud_rds_instance_metric_connections_daily","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud RDS Instance Cloud Monitor Metrics - Connections (Daily)","queriesCount":0,"examplesCount":1,"readme":"$43"},{"name":"alicloud_rds_instance_metric_cpu_utilization","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud RDS Instance Cloud Monitor Metrics - CPU Utilization","queriesCount":0,"examplesCount":1,"readme":"$44"},{"name":"alicloud_rds_instance_metric_cpu_utilization_daily","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud RDS Instance Cloud Monitor Metrics - CPU Utilization (Daily)","queriesCount":0,"examplesCount":1,"readme":"$45"},{"name":"alicloud_rds_instance_metric_cpu_utilization_hourly","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"average","type":"double precision","description":"The average of the metric values that correspond to the data point.","operators":[]},{"name":"db_instance_id","type":"text","description":"The ID of the single instance to query.","operators":[]},{"name":"maximum","type":"double precision","description":"The maximum metric value for the data point.","operators":[]},{"name":"metric_name","type":"text","description":"The name of the metric.","operators":[]},{"name":"minimum","type":"double precision","description":"The minimum metric value for the data point.","operators":[]},{"name":"namespace","type":"text","description":"The metric namespace.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"timestamp","type":"timestamp with time zone","description":"The timestamp used for the data point.","operators":[]}],"description":"Alicloud RDS Instance Cloud Monitor Metrics - CPU Utilization (Hourly)","queriesCount":0,"examplesCount":1,"readme":"$46"},{"name":"alicloud_security_center_field_statistics","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"category_count","type":"bigint","description":"The number of assets category.","operators":[]},{"name":"general_asset_count","type":"bigint","description":"The number of general assets.","operators":[]},{"name":"group_count","type":"bigint","description":"The number of asset groups.","operators":[]},{"name":"important_asset_count","type":"bigint","description":"The number of important assets.","operators":[]},{"name":"instance_count","type":"bigint","description":"The total number of assets of the specified type.","operators":[]},{"name":"new_instance_count","type":"bigint","description":"The number of new servers.","operators":[]},{"name":"not_running_status_count","type":"bigint","description":"The number of inactive servers.","operators":[]},{"name":"offline_instance_count","type":"bigint","description":"The number of offline servers.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"region_count","type":"bigint","description":"The number of regions to which the servers belong.","operators":[]},{"name":"risk_instance_count","type":"bigint","description":"The number of assets that are at risk.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"test_asset_count","type":"bigint","description":"The number of test assets.","operators":[]},{"name":"unprotected_instance_count","type":"bigint","description":"The number of unprotected assets.","operators":[]},{"name":"vpc_count","type":"bigint","description":"The number of VPCs.","operators":[]}],"description":"Alicloud Security Center Field Statistics","queriesCount":0,"examplesCount":0,"readme":"$47"},{"name":"alicloud_security_center_version","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"app_white_list","type":"bigint","description":"Indicates whether the application whitelist is enabled.","operators":[]},{"name":"app_white_list_auth_count","type":"bigint","description":"The quota on the servers to which you can apply your application whitelist.","operators":[]},{"name":"asset_level","type":"bigint","description":"The purchased quota for Security Center.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the purchased Security Center instance.","operators":[]},{"name":"is_over_balance","type":"boolean","description":"Indicates whether the number of existing servers exceeds your quota.","operators":[]},{"name":"is_trial_version","type":"boolean","description":"Indicates whether Security Center is the free trial edition.","operators":[]},{"name":"last_trail_end_time","type":"timestamp with time zone","description":"The time when the last free trial ends.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"release_time","type":"timestamp with time zone","description":"The time when the Security Center instance expired.","operators":[]},{"name":"sas_log","type":"bigint","description":"Indicates whether log analysis is purchased.","operators":[]},{"name":"sas_screen","type":"bigint","description":"Indicates whether the security dashboard is purchased.","operators":[]},{"name":"sls_capacity","type":"bigint","description":"The purchased capacity of log storage.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"user_defined_alarms","type":"bigint","description":"Indicates whether the custom alert feature is enabled.","operators":[]},{"name":"version","type":"text","description":"The purchased edition of Security Center.","operators":[]},{"name":"web_lock","type":"bigint","description":"Indicates whether web tamper proofing is enabled.","operators":[]},{"name":"web_lock_auth_count","type":"bigint","description":"The quota on the servers that web tamper proofing protects.","operators":[]}],"description":"Alicloud Security Center Version","queriesCount":1,"examplesCount":1,"readme":"$48"},{"name":"alicloud_slb_load_balancer","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"address","type":"inet","description":"The service IP address of the SLB instance.","operators":[]},{"name":"address_ip_version","type":"text","description":"The IP version. Valid values: ipv4 and ipv6.","operators":["="]},{"name":"address_type","type":"text","description":"The network type of the SLB instance. Valid values: internet|intranet.","operators":["="]},{"name":"bandwidth","type":"bigint","description":"The maximum bandwidth of the listener. Unit: Mbit/s.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the SLB instance was created.","operators":[]},{"name":"create_time_stamp","type":"timestamp with time zone","description":"The timestamp when the instance was created.","operators":[]},{"name":"delete_protection","type":"text","description":"Indicates whether deletion protection is enabled for the SLB instance.","operators":[]},{"name":"internet_charge_type","type":"text","description":"The metering method of Internet data transfer. Valid values: paybybandwidth|paybytraffic.","operators":["="]},{"name":"internet_charge_type_alias","type":"text","description":"The alias for metering method of Internet data transfer.","operators":[]},{"name":"load_balancer_id","type":"text","description":"The ID of the SLB instance.","operators":["="]},{"name":"load_balancer_name","type":"text","description":"The name of the SLB instance.","operators":["="]},{"name":"load_balancer_spec","type":"text","description":"The specification of the SLB instance.","operators":[]},{"name":"load_balancer_status","type":"text","description":"The status of the SLB instance. Valid values: inactive|active|locked.","operators":["="]},{"name":"master_zone_id","type":"text","description":"The ID of the primary zone to which the SLB instance belongs.","operators":["="]},{"name":"modification_protection_reason","type":"text","description":"The reason why the configuration read-only mode is enabled.","operators":[]},{"name":"modification_protection_status","type":"text","description":"Indicates whether the configuration read-only mode is enabled for the SLB instance. ","operators":[]},{"name":"network_type","type":"text","description":"The network type of the internal-facing SLB instance. Valid values: vpc|classic.","operators":["="]},{"name":"pay_type","type":"text","description":"The billing method of the SLB instance. Valid values: PayOnDemand.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group.","operators":["="]},{"name":"slave_zone_id","type":"text","description":"The ID of the secondary zone to which the SLB instance belongs.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"tags","type":"text","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"v_switch_id","type":"text","description":"The ID of the vSwitch to which the SLB instance belongs.","operators":["="]},{"name":"vpc_id","type":"text","description":"The ID of the virtual private cloud (VPC) to which the SLB instance belongs.","operators":["="]}],"description":"Alicloud Server Load Balancer","queriesCount":0,"examplesCount":2,"readme":"$49"},{"name":"alicloud_vpc","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"advanced_resource","type":"boolean","description":"","operators":[]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the VPC.","operators":[]},{"name":"associated_cens","type":"jsonb","description":"The list of Cloud Enterprise Network (CEN) instances to which the VPC is attached. No value is returned if the VPC is not attached to any CEN instance.","operators":[]},{"name":"cen_status","type":"text","description":"Indicates whether the VPC is attached to any Cloud Enterprise Network (CEN) instance.","operators":[]},{"name":"cidr_block","type":"cidr","description":"The IPv4 CIDR block of the VPC.","operators":[]},{"name":"classic_link_enabled","type":"boolean","description":"True if the ClassicLink function is enabled.","operators":[]},{"name":"cloud_resources","type":"jsonb","description":"The list of resources in the VPC.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The creation time of the VPC.","operators":[]},{"name":"description","type":"text","description":"The description of the VPC.","operators":[]},{"name":"dhcp_options_set_id","type":"text","description":"The ID of the DHCP options set associated to vpc.","operators":[]},{"name":"dhcp_options_set_status","type":"text","description":"The status of the VPC network that is associated with the DHCP options set. Valid values: InUse and Pending","operators":[]},{"name":"ipv6_cidr_block","type":"cidr","description":"The IPv6 CIDR block of the VPC.","operators":[]},{"name":"ipv6_cidr_blocks","type":"jsonb","description":"The IPv6 CIDR blocks of the VPC.","operators":[]},{"name":"is_default","type":"boolean","description":"True if the VPC is the default VPC in the region.","operators":["!=","="]},{"name":"name","type":"text","description":"The name of the VPC.","operators":["="]},{"name":"nat_gateway_ids","type":"jsonb","description":"A list of IDs of NAT Gateways.","operators":[]},{"name":"network_acl_num","type":"text","description":"","operators":[]},{"name":"owner_id","type":"text","description":"The ID of the owner of the VPC.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the VPC belongs.","operators":[]},{"name":"route_table_ids","type":"jsonb","description":"A list of IDs of route tables.","operators":[]},{"name":"secondary_cidr_blocks","type":"jsonb","description":"A list of secondary IPv4 CIDR blocks of the VPC.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the VPC. Pending: The VPC is being configured. Available: The VPC is available.","operators":[]},{"name":"support_advanced_feature","type":"boolean","description":"","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"user_cidrs","type":"jsonb","description":"A list of user CIDRs.","operators":[]},{"name":"vpc_id","type":"text","description":"The unique ID of the VPC.","operators":["="]},{"name":"vrouter_id","type":"text","description":"The ID of the VRouter.","operators":[]},{"name":"vswitch_ids","type":"jsonb","description":"A list of VSwitches in the VPC.","operators":[]}],"description":"A virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.","queriesCount":0,"examplesCount":4,"readme":"$4a"},{"name":"alicloud_vpc_dhcp_options_set","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"associate_vpc_count","type":"bigint","description":"The number of VPCs associated with DHCP option set.","operators":[]},{"name":"associate_vpcs","type":"jsonb","description":"The information of the VPC network that is associated with the DHCP options set.","operators":[]},{"name":"boot_file_name","type":"text","description":"The boot file name of DHCP option set.","operators":[]},{"name":"description","type":"text","description":"The description for the DHCP option set.","operators":[]},{"name":"dhcp_options_set_id","type":"text","description":"The ID of the DHCP option set.","operators":["="]},{"name":"domain_name","type":"text","description":"The root domain.","operators":["="]},{"name":"domain_name_servers","type":"text","description":"The IP addresses of your DNS servers.","operators":[]},{"name":"name","type":"text","description":"The name of the DHCP option set.","operators":["="]},{"name":"owner_id","type":"text","description":"The ID of the account to which the DHCP options set belongs.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the DHCP option set.","operators":[]},{"name":"tftp_server_name","type":"text","description":"The tftp server name of the DHCP option set.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Aliclod VPC DHCP Options Set","queriesCount":0,"examplesCount":3,"readme":"$4b"},{"name":"alicloud_vpc_eip","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"allocation_id","type":"text","description":"The unique ID of the EIP.","operators":["="]},{"name":"allocation_time","type":"timestamp with time zone","description":"The time when the EIP was created.","operators":[]},{"name":"arn","type":"text","description":"The Alibaba Cloud Resource Name (ARN) of the EIP.","operators":[]},{"name":"available_regions","type":"jsonb","description":"The ID of the region to which the EIP belongs.","operators":[]},{"name":"bandwidth","type":"text","description":"The peak bandwidth of the EIP. Unit: Mbit/s.","operators":[]},{"name":"bandwidth_package_bandwidth","type":"text","description":"The maximum bandwidth of the EIP in Mbit/s.","operators":[]},{"name":"bandwidth_package_type","type":"text","description":"The bandwidth value of the EIP Bandwidth Plan to which the EIP is added.","operators":[]},{"name":"charge_type","type":"text","description":"The billing method of the EIP","operators":[]},{"name":"description","type":"text","description":"The description of the EIP.","operators":[]},{"name":"expired_time","type":"timestamp with time zone","description":"The expiration time of the EIP.","operators":[]},{"name":"has_reservation_data","type":"boolean","description":"Indicates whether renewal data is included.","operators":[]},{"name":"hd_monitor_status","type":"text","description":"Indicates whether fine-grained monitoring is enabled for the EIP.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance to which the EIP is bound.","operators":[]},{"name":"instance_region_id","type":"text","description":"The region ID of the bound resource.","operators":[]},{"name":"instance_type","type":"text","description":"The type of the instance to which the EIP is bound.","operators":[]},{"name":"internet_charge_type","type":"text","description":"The metering method of the EIP can be one of PayByBandwidth or PayByTraffic.","operators":[]},{"name":"ip_address","type":"inet","description":"The IP address of the EIP.","operators":[]},{"name":"isp","type":"text","description":"The Internet service provider.","operators":[]},{"name":"mode","type":"text","description":"The type of the instance to which you want to bind the EIP.","operators":[]},{"name":"name","type":"text","description":"The name of the EIP.","operators":[]},{"name":"netmode","type":"text","description":"The network type of the EIP.","operators":[]},{"name":"operation_locks_reason","type":"jsonb","description":"The reason why the EIP is locked. Valid values: financial security.","operators":[]},{"name":"private_ip_address","type":"boolean","description":"","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group.","operators":[]},{"name":"second_limited","type":"boolean","description":"Indicates whether level-2 traffic throttling is configured.","operators":[]},{"name":"segment_instance_id","type":"text","description":"The ID of the instance with which the contiguous EIP is associated.","operators":[]},{"name":"service_managed","type":"bigint","description":"","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the EIP.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"An independent public IP resource that decouples ECS and public IP resources, allowing you to flexibly manage public IP resources.","queriesCount":0,"examplesCount":3,"readme":"$4c"},{"name":"alicloud_vpc_flow_log","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the flow log was created.","operators":[]},{"name":"description","type":"text","description":"The description of the flow log.","operators":[]},{"name":"flow_log_id","type":"text","description":"The ID of the flow log.","operators":["="]},{"name":"log_store_name","type":"text","description":"Log store for storing captured traffic.","operators":["="]},{"name":"name","type":"text","description":"The name of the flow log.","operators":["="]},{"name":"project_name","type":"text","description":"Project that manages captured traffic.","operators":["="]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_id","type":"text","description":"The resource ID of the traffic to capture.","operators":["="]},{"name":"resource_type","type":"text","description":"The resource type of traffic to capture.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the flow log.","operators":["="]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"traffic_type","type":"text","description":"The collected traffic type. ","operators":["="]}],"description":"Alicloud VPC Flow Log","queriesCount":0,"examplesCount":3,"readme":"$4d"},{"name":"alicloud_vpc_nat_gateway","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"auto_pay","type":"boolean","description":"Indicates whether auto pay is enabled.","operators":[]},{"name":"billing_method","type":"text","description":"The billing method of the NAT gateway.","operators":[]},{"name":"business_status","type":"text","description":"The status of the NAT gateway.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the NAT gateway was created.","operators":[]},{"name":"deletion_protection","type":"boolean","description":"Indicates whether deletion protection is enabled.","operators":[]},{"name":"description","type":"text","description":"The description of the NAT gateway.","operators":[]},{"name":"ecs_metric_enabled","type":"boolean","description":"Indicates whether the traffic monitoring feature is enabled.","operators":[]},{"name":"expired_ime","type":"timestamp with time zone","description":"The time when the NAT gateway expires.","operators":[]},{"name":"forward_table_ids","type":"jsonb","description":"The ID of the Destination Network Address Translation (DNAT) table.","operators":[]},{"name":"internet_charge_type","type":"text","description":"The billing method of the NAT gateway.","operators":[]},{"name":"ip_lists","type":"jsonb","description":"The elastic IP address (EIP) that is associated with the NAT gateway.","operators":[]},{"name":"name","type":"text","description":"The name of the NAT gateway.","operators":[]},{"name":"nat_gateway_id","type":"text","description":"The ID of the NAT gateway.","operators":["="]},{"name":"nat_gateway_private_info","type":"jsonb","description":"The information of the virtual private cloud (VPC) to which the enhanced NAT gateway belongs.","operators":[]},{"name":"nat_type","type":"text","description":"The type of the NAT gateway. Valid values: 'Normal' and 'Enhanced'.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group.","operators":[]},{"name":"snat_table_ids","type":"jsonb","description":"The ID of the SNAT table for the NAT gateway.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"spec","type":"text","description":"The size of the NAT gateway.","operators":[]},{"name":"status","type":"text","description":"The state of the NAT gateway.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the virtual private cloud (VPC) to which the NAT gateway belongs.","operators":[]}],"description":"Aliclod VPC NAT Gateway","queriesCount":0,"examplesCount":5,"readme":"$4e"},{"name":"alicloud_vpc_network_acl","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the network ACL was created.","operators":[]},{"name":"description","type":"text","description":"The description of the network ACL.","operators":[]},{"name":"egress_acl_entries","type":"jsonb","description":"A list of outbound rules of the network ACL.","operators":[]},{"name":"ingress_acl_entries","type":"jsonb","description":"A list of inbound rules of the network ACL.","operators":[]},{"name":"name","type":"text","description":"The name of the network ACL.","operators":[]},{"name":"network_acl_id","type":"text","description":"The ID of the network ACL.","operators":["="]},{"name":"owner_id","type":"bigint","description":"The ID of the owner of the resource.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"region_id","type":"text","description":"The name of the region where the resource resides.","operators":[]},{"name":"resources","type":"jsonb","description":"A list of associated resources.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the network ACL.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC associated with the network ACL.","operators":[]}],"description":"Alicloud VPC Network ACL","queriesCount":0,"examplesCount":3,"readme":"$4f"},{"name":"alicloud_vpc_route_entry","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"description","type":"text","description":"The description of the VRouter.","operators":[]},{"name":"destination_cidr_block","type":"cidr","description":"The destination Classless Inter-Domain Routing (CIDR) block of the route entry.","operators":[]},{"name":"instance_id","type":"text","description":"The ID of the instance associated with the next hop.","operators":[]},{"name":"ip_version","type":"text","description":"The version of the IP protocol.","operators":[]},{"name":"name","type":"text","description":"The name of the route entry.","operators":[]},{"name":"next_hop_oppsite_instance_id","type":"text","description":"The ID of the instance associated with the next hop.","operators":[]},{"name":"next_hop_oppsite_region_id","type":"text","description":"The region where the next hop instance is deployed.","operators":[]},{"name":"next_hop_oppsite_type","type":"text","description":"The type of the next hop.","operators":[]},{"name":"next_hop_region_id","type":"text","description":"The region where the next hop instance is deployed.","operators":[]},{"name":"next_hop_type","type":"text","description":"The type of the next hop.","operators":[]},{"name":"next_hops","type":"jsonb","description":"The information about the next hop.","operators":[]},{"name":"private_ip_address","type":"inet","description":"Specifies the private ip address for the route entry.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"route_entry_id","type":"text","description":"The ID of the route entry.","operators":[]},{"name":"route_table_id","type":"text","description":"The ID of the route table.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the route entry.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"type","type":"text","description":"The type of the route entry.","operators":[]}],"description":"Alicloud VPC Route Entry","queriesCount":0,"examplesCount":2,"readme":"$50"},{"name":"alicloud_vpc_route_table","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The time when the Route Table was created.","operators":[]},{"name":"description","type":"text","description":"The description of the Route Table.","operators":[]},{"name":"name","type":"text","description":"The name of the Route Table.","operators":[]},{"name":"owner_id","type":"text","description":"The ID of the owner of the VPC.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the VPC belongs.","operators":[]},{"name":"route_entries","type":"jsonb","description":"Route entry represents a route item of one VPC route table.","operators":[]},{"name":"route_table_id","type":"text","description":"The id of the Route Table.","operators":["="]},{"name":"route_table_type","type":"text","description":"The type of Route Table.","operators":[]},{"name":"router_id","type":"text","description":"The ID of the region to which the VPC belongs.","operators":[]},{"name":"router_type","type":"text","description":"The type of the VRouter to which the route table belongs. Valid Values are 'VRouter' and 'VBR'.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the route table.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags assigned to the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC to which the route table belongs.","operators":[]},{"name":"vswitch_ids","type":"jsonb","description":"The unique ID of the VPC.","operators":[]}],"description":"Alicloud VPC Route Table","queriesCount":0,"examplesCount":3,"readme":"$51"},{"name":"alicloud_vpc_ssl_vpn_client_cert","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"ca_cert","type":"text","description":"The CA certificate.","operators":[]},{"name":"client_cert","type":"text","description":"The client certificate.","operators":[]},{"name":"client_config","type":"text","description":"The client configuration.","operators":[]},{"name":"client_key","type":"text","description":"The client key.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the SSL client certificate was created.","operators":[]},{"name":"end_time","type":"timestamp with time zone","description":"The time when the SSL client certificate expires.","operators":[]},{"name":"name","type":"text","description":"The name of the SSL client certificate.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"ssl_vpn_client_cert_id","type":"text","description":"The ID of the SSL client certificate.","operators":["="]},{"name":"ssl_vpn_server_id","type":"text","description":"The ID of the SSL-VPN server.","operators":[]},{"name":"status","type":"text","description":"The status of the client certificate.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"SSL Client is responsible for managing client certificates. The client needs to first complete certificate verification in order to connect to the SSL Server.","queriesCount":0,"examplesCount":3,"readme":"$52"},{"name":"alicloud_vpc_ssl_vpn_server","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"cipher","type":"text","description":"The encryption algorithm.","operators":[]},{"name":"client_ip_pool","type":"cidr","description":"The client IP address pool.","operators":[]},{"name":"connections","type":"bigint","description":"The total number of current connections.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the SSL-VPN server was created.","operators":[]},{"name":"enable_multi_factor_auth","type":"boolean","description":"Indicates whether the multi factor authenticaton is enabled.","operators":[]},{"name":"internet_ip","type":"inet","description":"The public IP address.","operators":[]},{"name":"is_compressed","type":"boolean","description":"Indicates whether the transmitted data is compressed.","operators":[]},{"name":"local_subnet","type":"text","description":"The CIDR block of the client.","operators":[]},{"name":"max_connections","type":"bigint","description":"The maximum number of connections.","operators":[]},{"name":"name","type":"text","description":"The name of the SSL-VPN server.","operators":[]},{"name":"port","type":"bigint","description":"The port used by the SSL-VPN server.","operators":[]},{"name":"proto","type":"text","description":"The protocol used by the SSL-VPN server.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"ssl_vpn_server_id","type":"text","description":"The ID of the SSL-VPN server.","operators":["="]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpn_gateway_id","type":"text","description":"The ID of the VPN gateway.","operators":[]}],"description":"SSL Server refers to the SSL-VPN server within the VPC. It authenticates clients and manages configurations.","queriesCount":0,"examplesCount":6,"readme":"$53"},{"name":"alicloud_vpc_vpn_connection","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the IPsec-VPN connection was created.","operators":[]},{"name":"customer_gateway_id","type":"text","description":"The ID of the customer gateway.","operators":[]},{"name":"effect_immediately","type":"boolean","description":"Indicates whether IPsec-VPN negotiations are initiated immediately.","operators":[]},{"name":"enable_dpd","type":"boolean","description":"Indicates whether dead peer detection (DPD) is enabled.","operators":[]},{"name":"enable_nat_traversal","type":"boolean","description":"Indicates whether to enable the NAT traversal feature.","operators":[]},{"name":"ike_config","type":"jsonb","description":"The configurations of Phase 1 negotiations.","operators":[]},{"name":"ipsec_config","type":"jsonb","description":"The configurations for Phase 2 negotiations.","operators":[]},{"name":"local_subnet","type":"cidr","description":"The CIDR block of the virtual private cloud (VPC).","operators":[]},{"name":"name","type":"text","description":"The name of the IPsec-VPN connection.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"remote_subnet","type":"cidr","description":"The CIDR block of the on-premises data center.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the IPsec-VPN connection.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vco_health_check","type":"jsonb","description":"The health check configurations.","operators":[]},{"name":"vpn_bgp_config","type":"jsonb","description":"BGP configuration information.","operators":[]},{"name":"vpn_connection_id","type":"text","description":"The ID of the IPsec-VPN connection.","operators":["="]},{"name":"vpn_gateway_id","type":"text","description":"The ID of the VPN gateway.","operators":[]}],"description":"VPN Connection is an Internet-based tunnel between VPN Gateway and User Gateway.","queriesCount":0,"examplesCount":3,"readme":"$54"},{"name":"alicloud_vpc_vpn_customer_gateway","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"asn","type":"bigint","description":"Specifies the ASN of the customer gateway.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the customer gateway was created.","operators":[]},{"name":"customer_gateway_id","type":"text","description":"The ID of the customer gateway.","operators":["="]},{"name":"description","type":"text","description":"The description of the customer gateway.","operators":[]},{"name":"ip_address","type":"inet","description":"The IP address of the customer gateway.","operators":[]},{"name":"name","type":"text","description":"The name of the customer gateway.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]}],"description":"Alicloud VPC VPN Customer Gateway.","queriesCount":0,"examplesCount":1,"readme":"$55"},{"name":"alicloud_vpc_vpn_gateway","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"auto_propagate","type":"boolean","description":"Indicates whether auto propagate is enabled, or not.","operators":[]},{"name":"billing_method","type":"text","description":"The billing method of the VPN gateway.","operators":[]},{"name":"business_status","type":"text","description":"The business state of the VPN gateway.","operators":[]},{"name":"create_time","type":"timestamp with time zone","description":"The time when the VPN gateway was created.","operators":[]},{"name":"description","type":"text","description":"The description of the VPN gateway.","operators":[]},{"name":"enable_bgp","type":"boolean","description":"Indicates whether bgp is enabled.","operators":[]},{"name":"end_time","type":"timestamp with time zone","description":"The creation time of the VPC.","operators":[]},{"name":"internet_ip","type":"inet","description":"The public IP address of the VPN gateway.","operators":[]},{"name":"ipsec_vpn","type":"text","description":"Indicates whether the IPsec-VPN feature is enabled.","operators":[]},{"name":"name","type":"text","description":"The name of the VPN gateway.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"reservation_data","type":"jsonb","description":"A set of reservation details.","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"spec","type":"text","description":"The maximum bandwidth of the VPN gateway.","operators":[]},{"name":"ssl_max_connections","type":"bigint","description":"The maximum number of concurrent SSL-VPN connections.","operators":[]},{"name":"ssl_vpn","type":"text","description":"Indicates whether the SSL-VPN feature is enabled.","operators":[]},{"name":"status","type":"text","description":"The status of the VPN gateway.","operators":[]},{"name":"tag","type":"text","description":"The tag of the VPN gateway.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A list of tags attached with the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC for which the VPN gateway is created.","operators":[]},{"name":"vpn_gateway_id","type":"text","description":"The ID of the VPN gateway.","operators":["="]},{"name":"vswitch_id","type":"text","description":"The ID of the VSwitch to which the VPN gateway belongs.","operators":[]}],"description":"Alicloud VPC VPN Gateway.","queriesCount":0,"examplesCount":5,"readme":"$56"},{"name":"alicloud_vpc_vswitch","columns":[{"name":"_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"account_id","type":"text","description":"The Alicloud Account ID in which the resource is located.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"akas","type":"jsonb","description":"Array of globally unique identifier strings (also known as) for the resource.","operators":[]},{"name":"available_ip_address_count","type":"bigint","description":"The number of available IP addresses in the VSwitch.","operators":[]},{"name":"cidr_block","type":"cidr","description":"The IPv4 CIDR block of the VPC.","operators":[]},{"name":"cloud_resources","type":"jsonb","description":"The list of resources in the VSwitch.","operators":[]},{"name":"creation_time","type":"timestamp with time zone","description":"The creation time of the VPC.","operators":[]},{"name":"description","type":"text","description":"The description of the VPC.","operators":[]},{"name":"ipv6_cidr_block","type":"cidr","description":"The IPv6 CIDR block of the VPC.","operators":[]},{"name":"is_default","type":"boolean","description":"True if the VPC is the default VPC in the region.","operators":[]},{"name":"name","type":"text","description":"The name of the VPC.","operators":[]},{"name":"network_acl_id","type":"text","description":"A list of IDs of NAT Gateways.","operators":[]},{"name":"owner_id","type":"text","description":"The ID of the owner of the VPC.","operators":[]},{"name":"region","type":"text","description":"The Alicloud region in which the resource is located.","operators":[]},{"name":"resource_group_id","type":"text","description":"The ID of the resource group to which the VPC belongs.","operators":[]},{"name":"route_table","type":"jsonb","description":"Details of the route table.","operators":[]},{"name":"share_type","type":"text","description":"","operators":[]},{"name":"sp_connection_name","type":"text","description":"Steampipe connection name.","operators":["=","!=","~~","~~*","!~~","!~~*"]},{"name":"sp_ctx","type":"jsonb","description":"Steampipe context in JSON form.","operators":[]},{"name":"status","type":"text","description":"The status of the VPC. Pending: The VPC is being configured. Available: The VPC is available.","operators":[]},{"name":"tags","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"tags_src","type":"jsonb","description":"A map of tags for the resource.","operators":[]},{"name":"title","type":"text","description":"Title of the resource.","operators":[]},{"name":"vpc_id","type":"text","description":"The ID of the VPC to which the VSwitch belongs.","operators":[]},{"name":"vswitch_id","type":"text","description":"The unique ID of the VPC.","operators":[]},{"name":"zone_id","type":"text","description":"The zone to which the VSwitch belongs.","operators":[]}],"description":"VSwitches to divide the VPC network into one or more subnets.","queriesCount":0,"examplesCount":3,"readme":"$57"}],"queries":{"kms":{"manual_control":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/manual_control","org":"turbot","name":"manual_control","sql":"select\n 'arn:acs:::' || account_id as resource,\n 'info' as status,\n 'Manual verification required.' as reason\n , account_id as account_id\nfrom\n alicloud_account;\n","tags":{},"tables":["alicloud.alicloud_account"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/manual_control.pp","startLineNumber":2,"endLineNumber":12,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_1","org":"turbot","name":"cis_v100_1_1","mod":"IBM Cloud Compliance","title":"1.1 Monitor account owner for frequent, unexpected, or unauthorized logins","description":"Monitor login activity of the account owner to prevent unauthorized usage of the privileged account.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.1","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_14","org":"turbot","name":"cis_v100_1_14","mod":"IBM Cloud Compliance","title":"1.14 Minimize the number of users with admin privileges in the account","description":"Comply with the principle of granting least privilege by using Access Groups to manage admin privileges and by avoiding the use of broadly scoped access policies.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.14","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_15","org":"turbot","name":"cis_v100_1_15","mod":"IBM Cloud Compliance","title":"1.15 Minimize the number of Service IDs with admin privileges in the account","description":"Comply with the principle of granting least privilege by using Access Groups to manage admin privileges and by avoiding the use of many Service IDs with Administrative Privileges.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.15","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_17","org":"turbot","name":"cis_v100_1_17","mod":"IBM Cloud Compliance","title":"1.17 Ensure Inactive User Accounts are Suspend","description":"Revoke access privileges for users in an IBM Cloud account that are inactive, typically defined as user accounts with no logins in a given time frame.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.17","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_18","org":"turbot","name":"cis_v100_1_18","mod":"IBM Cloud Compliance","title":"1.18 Enable audit logging for IBM Cloud Identity and Access Management","description":"Use the IBM Cloud Activity Tracker with LogDNA service to monitor certain IAM events.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.18","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_19","org":"turbot","name":"cis_v100_1_19","mod":"IBM Cloud Compliance","title":"1.19 Ensure Identity Federation is set up with a Corporate IDP","description":"Allow users to log in to IBM Cloud by using their corporate Identity Provider (IdP) to authenticate.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.19","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_2","org":"turbot","name":"cis_v100_1_2","mod":"IBM Cloud Compliance","title":"1.2 Ensure API keys unused for 180 days are detected and optionally disabled","description":"Monitor API key usage in your account and search for API keys that are unused or used infrequently.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.2","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_1_6","org":"turbot","name":"cis_v100_1_6","mod":"IBM Cloud Compliance","title":"1.6 Ensure compliance with IBM Cloud password requirements","description":"A strong password is a very important step towards account security and safety. Passwords should never be shared with anyone, and must follow the strong password requirements.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.6","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/IAM"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_1","org":"turbot","name":"cis_v100_3_1","mod":"IBM Cloud Compliance","title":"3.1 Ensure auditing is configured in the IBM Cloud account","description":"Collect audit events from IBM Cloud resources so that you can monitor activity in your IBM Cloud account.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.1","cis_level":"1","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_2","org":"turbot","name":"cis_v100_3_2","mod":"IBM Cloud Compliance","title":"3.2 Ensure that archiving is enabled for audit events","description":"Archive events for long-term storage so that you have access to data for a longer period of time, you can comply with highly regulated environments, you can recover quickly in the eventuality of a disaster scenario, and you can adhere to internal data storage policies","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.2","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_3","org":"turbot","name":"cis_v100_3_3","mod":"IBM Cloud Compliance","title":"3.3 Ensure that events are collected and processed to identify anomalies or abnormal events","description":"Events that you collect and centralize in the IBM Cloud Activity Tracker with LogDNA service provide information about actions that take place on your account. You can analyze this data to resolve problems, identify anomalies, and be notified of abnormal situations.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.3","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_4","org":"turbot","name":"cis_v100_3_4","mod":"IBM Cloud Compliance","title":"3.4 Ensure alerts are defined on custom views to notify of unauthorized requests, critical account actions, and high-impact operations in your account","description":"Events that you collect and centralize in the IBM Cloud Activity Tracker with LogDNA service provide information about actions that take place on your account. You can define alerts to notify promptly of problems, anomalies, and abnormal situations.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.4","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_5","org":"turbot","name":"cis_v100_3_5","mod":"IBM Cloud Compliance","title":"3.5 Ensure the account owner can login only from a list of authorized countries/IP ranges","description":"Monitor the account owner's access to the IBM Cloud account is done from authorized locations that are restricted by IP addresses.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.5","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_6","org":"turbot","name":"cis_v100_3_6","mod":"IBM Cloud Compliance","title":"3.6 Ensure Activity Tracker data is encrypted at rest","description":"Ensure Activity Tracker data is encrypted at rest.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.6","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_3_7","org":"turbot","name":"cis_v100_3_7","mod":"IBM Cloud Compliance","title":"3.7 Ensure Activity Tracker trails are integrated with LogDNA Logs","description":"Check whether Activity Tracker trails are integrated with LogDNA Logs.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.7","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Monitoring"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_4_1","org":"turbot","name":"cis_v100_4_1","mod":"IBM Cloud Compliance","title":"4.1 Ensure IBM Cloud Databases disk encryption is enabled with customer managed keys","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.1","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Database"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_4_2","org":"turbot","name":"cis_v100_4_2","mod":"IBM Cloud Compliance","title":"4.2 Ensure IBM Cloud Databases are only accessible via HTTPS or TLS Connections","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.2","cis_level":"2","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Database"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_4_3","org":"turbot","name":"cis_v100_4_3","mod":"IBM Cloud Compliance","title":"4.3 Ensure network access to IBM Cloud Databases service is set to be exposed on “Private end points only","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.3","cis_level":"2","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Database"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_4_4","org":"turbot","name":"cis_v100_4_4","mod":"IBM Cloud Compliance","title":"4.4 Ensure IBM Cloud Databases disk encryption is set to On","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.4","cis_level":"2","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Database"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_5_1","org":"turbot","name":"cis_v100_5_1","mod":"IBM Cloud Compliance","title":"5.1 Ensure Cloudant encryption is set to On","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.1","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Cloudant"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_5_2","org":"turbot","name":"cis_v100_5_2","mod":"IBM Cloud Compliance","title":"5.2 Ensure IBM Cloudant encryption is enabled with customer managed keys","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.2","cis_level":"1","cis_section_id":"5","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Cloudant"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_5_3","org":"turbot","name":"cis_v100_5_3","mod":"IBM Cloud Compliance","title":"5.3 Ensure IBM Cloudant is only accessible via HTTPS or TLS Connections","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.3","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Cloudant"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_9_1","org":"turbot","name":"cis_v100_9_1","mod":"IBM Cloud Compliance","title":"9.1 Ensure alerts are enabled for vulnerabilities discovered in container images in Container Registry","description":"Monitor login activity of the account owner to prevent unauthorized usage of the privileged account.","tags":{"category":"Compliance","cis":"true","cis_item_id":"9.1","cis_level":"1","cis_section_id":"9","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/SCC"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_1_2","org":"turbot","name":"cis_v100_2_1_2","mod":"IBM Cloud Compliance","title":"2.1.2 Ensure network access for Cloud Object Storage is restricted to specific IP range","description":"","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.1.2","cis_level":"1","cis_section_id":"2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Storage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_1_3","org":"turbot","name":"cis_v100_2_1_3","mod":"IBM Cloud Compliance","title":"2.1.3 Ensure network access for Cloud Object Storage is set to be exposed only on Private end-points","description":"","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.1.3","cis_level":"1","cis_section_id":"2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Storage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_1_4","org":"turbot","name":"cis_v100_2_1_4","mod":"IBM Cloud Compliance","title":"2.1.4 Ensure Cloud Object Storage bucket access is restricted by using IAM and S3 access control","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.1.4","cis_level":"1","cis_section_id":"2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Storage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_2","org":"turbot","name":"cis_v100_2_2_2","mod":"IBM Cloud Compliance","title":"2.2.2 Ensure 'OS disk' are encrypted with Customer managed keys","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Services – Key Protect or Hyper Protect Crypto Services (HPCS). Provider-managed encryption is turned on by default and cannot be turned off.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.2","cis_level":"2","cis_section_id":"2.2","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_3","org":"turbot","name":"cis_v100_2_2_3","mod":"IBM Cloud Compliance","title":"2.2.3 Ensure 'Data disks' are encrypted with customer managed keys","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Services – Key Protect or Hyper Protect Crypto Services (HPCS). Provider-managed encryption is turned on by default and cannot be turned off.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.3","cis_level":"2","cis_section_id":"2.2","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_4","org":"turbot","name":"cis_v100_2_2_4","mod":"IBM Cloud Compliance","title":"2.2.4 Ensure 'Unattached disks' are encrypted with customer managed keys","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Services – Key Protect or Hyper Protect Crypto Services (HPCS). Provider-managed encryption is turned on by default and cannot be turned off.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.4","cis_level":"1","cis_section_id":"2.2","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_6_2_2","org":"turbot","name":"cis_v100_6_2_2","mod":"IBM Cloud Compliance","title":"6.2.2 Ensure the default security group of every VPC restricts all traffic","description":"VPC security groups provide stateful filtering of ingress/egress network traffic to Virtual Server. It is recommended that no security group allows unrestricted ingress access to a Virtual Server. Unless modified, the default security group allows inbound traffic from all members of the group that is, all other virtual servers that are attached to this security group.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.2.2","cis_level":"1","cis_section_id":"6.2","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/VPC"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_2","org":"turbot","name":"cis_v100_7_1_2","mod":"IBM Cloud Compliance","title":"7.1.2 Ensure TLS 1.2 for all inbound traffic at IBM Cloud Kubernetes Service Ingress","description":"Ensure that all insecure (HTTP) client requests to applications and services hosted on IBM Cloud Kubernetes Service are redirected to secure TLS connections (HTTPS), and ensure that only TLS versions 1.2+ are supported.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.2","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_3","org":"turbot","name":"cis_v100_7_1_3","mod":"IBM Cloud Compliance","title":"7.1.3 Ensure IBM Cloud Kubernetes Service worker nodes are updated to the latest image to ensure patching of vulnerabilities","description":"Update the worker nodes in a cluster to the latest patch version so that security fixes are applied to those worker nodes.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.3","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_4","org":"turbot","name":"cis_v100_7_1_4","mod":"IBM Cloud Compliance","title":"7.1.4 Ensure that clusters are accessible only by using private endpoints ","description":"Disable the public service endpoint so that communication to the master from both the worker nodes and cluster users is established over the private network through the private service endpoint.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.4","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_5","org":"turbot","name":"cis_v100_7_1_5","mod":"IBM Cloud Compliance","title":"7.1.5 Ensure IBM Cloud Kubernetes Service cluster has image pull secrets enabled","description":"Image pull secrets are credentials that authorize your cluster to pull images from a private image registry. IBM Cloud Kubernetes Service integrates with IBM Cloud Container Registry and provides pull secrets for IBM Cloud Container Registry in the default Kubernetes namespace.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.5","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_6","org":"turbot","name":"cis_v100_7_1_6","mod":"IBM Cloud Compliance","title":"7.1.6 Ensure IBM Cloud Kubernetes Service clusters have the monitoring service enabled","description":"With IBM Cloud Monitoring with Sysdig, you can collect cluster and pod metrics, such as the CPU and memory usage of your worker nodes, incoming and outgoing HTTP traffic for your pods, and data about several infrastructure components. In addition, the agent can collect custom application metrics by using either a Prometheus-compatible scraper or a StatsD facade.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.6","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_7","org":"turbot","name":"cis_v100_7_1_7","mod":"IBM Cloud Compliance","title":"7.1.7 Ensure IBM Cloud Kubernetes Service clusters have the logging service enabled","description":"Create a logging configuration to forward cluster and app logs to IBM Log Analysis with LogDNA. IBM Log Analysis with LogDNA offers administrators, DevOps teams, and developers advanced features to filter, search, and tail log data, define alerts, and design custom views to monitor application and system logs.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.7","cis_level":"1","cis_section_id":"7.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_2_1","org":"turbot","name":"cis_v100_7_2_1","mod":"IBM Cloud Compliance","title":"7.2.1 Block deployments of vulnerable images to Kubernetes clusters","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.2.1","cis_level":"1","cis_section_id":"7.2","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/Containers"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_8_1_1","org":"turbot","name":"cis_v100_8_1_1","mod":"IBM Cloud Compliance","title":"8.1.1 Ensure IBM Key Protect has automated rotation for customer managed keys enabled","tags":{"category":"Compliance","cis":"true","cis_item_id":"8.1.1","cis_level":"2","cis_section_id":"8.1","cis_type":"automated","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/KMS"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_8_1_2","org":"turbot","name":"cis_v100_8_1_2","mod":"IBM Cloud Compliance","title":"8.1.2 Ensure the IBM Key Protect service has high availability","tags":{"category":"Compliance","cis":"true","cis_item_id":"8.1.2","cis_level":"2","cis_section_id":"8.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/KMS"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_1_1","org":"turbot","name":"cis_v100_2_2_1_1","mod":"IBM Cloud Compliance","title":"2.2.1.1 Ensure Block Storage is encrypted with customer managed keys","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Services – Key Protect or Hyper Protect Crypto Services (HPCS). Provider-managed encryption is turned on by default and cannot be turned off.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.1.1","cis_level":"2","cis_section_id":"2.2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_1_2","org":"turbot","name":"cis_v100_2_2_1_2","mod":"IBM Cloud Compliance","title":"2.2.1.2 Ensure Block Storage is encrypted with BYOK","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Service – Key Protect . The customer can chose to use BYOK instead of provider-managed keys for enhanced security","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.1.2","cis_level":"2","cis_section_id":"2.2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_2_2_1_3","org":"turbot","name":"cis_v100_2_2_1_3","mod":"IBM Cloud Compliance","title":"2.2.1.3 Ensure Block Storage is encrypted with KYOK","description":"By default, IBM Cloud Block Storage provides provider-managed encryption for all data. For enhanced security, customers can bring their own encryption keys and manage them through IBM Key Management Service – Hyper Protect Crypto Services (HPCS). The customer can chose to use BYOK instead of provider-managed keys for enhanced security","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2.1.3","cis_level":"2","cis_section_id":"2.2.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/BlockStorage"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_1_1","org":"turbot","name":"cis_v100_7_1_1_1","mod":"IBM Cloud Compliance","title":"7.1.1.1 Ensure Kubernetes secrets data is encrypted with bring your own key (BYOK)","description":"IBM Key Protect for IBM Cloud helps you provision encrypted keys for apps across IBM Cloud services. Use the IBM Key Protect for IBM Cloud key management service (KMS) to encrypt data in Kubernetes secrets and prevent unauthorized users from accessing sensitive app information (for example, credentials and keys). Keys are generated by FIPS 140-2 Level 3 certified hardware security modules (HSMs) that are located in secure IBM Cloud data centers.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.1.1","cis_level":"1","cis_section_id":"7.1.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/KMS"}},{"path":"/mods/turbot/steampipe-mod-ibm-compliance/benchmarks/control.cis_v100_7_1_1_2","org":"turbot","name":"cis_v100_7_1_1_2","mod":"IBM Cloud Compliance","title":"7.1.1.2 Ensure Kubernetes secrets data is encrypted with keep your own key (KYOK)","description":"Hyper Protect Crypto Services (Hyper Protect Crypto Services for short) is a dedicated key management service and hardware security module (HSM) based on IBM Cloud. This service allows you to take the ownership of the cloud HSM to fully manage your encryption keys and to perform cryptographic operations. Use Hyper Protect Crypt Services, a dedicated key management service (KMS) and hardware security module (HSM), to encrypt data in Kubernetes secrets and prevent unauthorized users from accessing sensitive app information, for example, credentials and keys.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.1.2","cis_level":"1","cis_section_id":"7.1.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/KMS"}}],"controlTitle":"1.1 Monitor account owner for frequent, unexpected, or unauthorized logins","controlDescription":"Monitor login activity of the account owner to prevent unauthorized usage of the privileged account.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"7.1.1.2","cis_level":"1","cis_section_id":"7.1.1","cis_type":"manual","cis_version":"v1.0.0","plugin":"ibm","service":"IBM/KMS"}}},"ram":{"ram_account_password_policy_min_length_14":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_min_length_14","org":"turbot","name":"ram_account_password_policy_min_length_14","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when minimum_password_length >= 14 then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n else 'Minimum password length set to ' || minimum_password_length || '.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":1,"endLineNumber":18,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_11","org":"turbot","name":"cis_v100_1_11","mod":"Alibaba Cloud Compliance","title":"1.11 Ensure RAM password policy requires minimum length of 14 or greater","description":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require a minimum of 14 or greater characters for any password.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.11","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.11 Ensure RAM password policy requires minimum length of 14 or greater","controlDescription":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require a minimum of 14 or greater characters for any password.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.11","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_account_password_policy_one_uppercase_letter":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_one_uppercase_letter","org":"turbot","name":"ram_account_password_policy_one_uppercase_letter","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when require_uppercase_characters then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n when require_uppercase_characters then 'Uppercase character required.'\n else 'Uppercase character not required.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":80,"endLineNumber":98,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_7","org":"turbot","name":"cis_v100_1_7","mod":"Alibaba Cloud Compliance","title":"1.7 Ensure RAM password policy requires at least one uppercase letter","description":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one uppercase letter.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.7","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.7 Ensure RAM password policy requires at least one uppercase letter","controlDescription":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one uppercase letter.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.7","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_account_password_policy_one_lowercase_letter":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_one_lowercase_letter","org":"turbot","name":"ram_account_password_policy_one_lowercase_letter","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when require_lowercase_characters then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n when require_lowercase_characters then 'Lowercase character required.'\n else 'Lowercase character not required.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":20,"endLineNumber":38,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_8","org":"turbot","name":"cis_v100_1_8","mod":"Alibaba Cloud Compliance","title":"1.8 Ensure RAM password policy requires at least one lowercase letter","description":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one lowercase letter.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.8","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.8 Ensure RAM password policy requires at least one lowercase letter","controlDescription":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one lowercase letter.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.8","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_account_password_policy_one_number":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_one_number","org":"turbot","name":"ram_account_password_policy_one_number","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when require_numbers then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n when require_numbers then 'Number required.'\n else 'Number not required.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":40,"endLineNumber":58,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_10","org":"turbot","name":"cis_v100_1_10","mod":"Alibaba Cloud Compliance","title":"1.10 Ensure RAM password policy require at least one number","description":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one number.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.10","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.10 Ensure RAM password policy require at least one number","controlDescription":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one number.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.10","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_password_policy_max_login_attempts_5":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_password_policy_max_login_attempts_5","org":"turbot","name":"ram_password_policy_max_login_attempts_5","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when max_login_attempts <= 5 then 'ok'\n else 'alarm'\n end as status,\n case\n when max_login_attempts is null then 'Max login attempts not set.'\n else 'Max login attempts set to ' || max_login_attempts || '.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":139,"endLineNumber":156,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_14","org":"turbot","name":"cis_v100_1_14","mod":"Alibaba Cloud Compliance","title":"1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour","description":"RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.14","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour","controlDescription":"RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.14","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_password_policy_expire_90":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_password_policy_expire_90","org":"turbot","name":"ram_password_policy_expire_90","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when max_password_age <= 90 then 'ok'\n else 'alarm'\n end as status,\n case\n when max_password_age is null then 'Password expiration not set.'\n else 'Password expiration set to ' || max_password_age || ' days.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":120,"endLineNumber":137,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_13","org":"turbot","name":"cis_v100_1_13","mod":"Alibaba Cloud Compliance","title":"1.13 Ensure RAM password policy expires passwords within 90 days or less","description":"RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.13","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.13 Ensure RAM password policy expires passwords within 90 days or less","controlDescription":"RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.13","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_account_password_policy_reuse_5":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_reuse_5","org":"turbot","name":"ram_account_password_policy_reuse_5","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when password_reuse_prevention = 5 then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n when password_reuse_prevention is null then 'Password reuse prevention not set.'\n else 'Password reuse prevention set to ' || password_reuse_prevention || '.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":100,"endLineNumber":118,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_12","org":"turbot","name":"cis_v100_1_12","mod":"Alibaba Cloud Compliance","title":"1.12 Ensure RAM password policy prevents password reuse","description":"It is recommended that the password policy prevent the reuse of passwords.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.12","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.12 Ensure RAM password policy prevents password reuse","controlDescription":"It is recommended that the password policy prevent the reuse of passwords.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.12","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_account_password_policy_one_symbol":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_account_password_policy_one_symbol","org":"turbot","name":"ram_account_password_policy_one_symbol","sql":"select\n 'acs:ram::' || a.account_id as resource,\n case\n when require_symbols then 'ok'\n else 'alarm'\n end as status,\n case\n when minimum_password_length is null then 'No password policy set.'\n when require_symbols then 'Symbol required.'\n else 'Symbol not required.'\n end as reason\n , a.account_id as account_id\nfrom\n alicloud_account as a\n left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;\n","tags":{},"tables":["alicloud.alicloud_account","alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":60,"endLineNumber":78,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_9","org":"turbot","name":"cis_v100_1_9","mod":"Alibaba Cloud Compliance","title":"1.9 Ensure RAM password policy require at least one symbol","description":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one symbol.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.9","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.9 Ensure RAM password policy require at least one symbol","controlDescription":"RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one symbol.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.9","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_user_access_key_rotated_90":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_user_access_key_rotated_90","org":"turbot","name":"ram_user_access_key_rotated_90","sql":"select\n 'acs:ram::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id as resource,\n case\n when create_date <= (current_date - interval '90' day) then 'alarm'\n else 'ok'\n end as status,\n user_name || ' ' || access_key_id || ' created ' || to_char(create_date , 'DD-Mon-YYYY') ||\n ' (' || extract(day from current_timestamp - create_date) || ' days).'\n as reason\n , account_id as account_id\nfrom\n alicloud_ram_access_key;\n","tags":{},"tables":["alicloud.alicloud_ram_access_key"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":218,"endLineNumber":233,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_6","org":"turbot","name":"cis_v100_1_6","mod":"Alibaba Cloud Compliance","title":"1.6 Ensure access keys are rotated every 90 days or less","description":"An access key consists of an access key ID and a secret, which are used to sign programmatic requests that you make to Alibaba Cloud. RAM users need their own access keys to make programmatic calls to Alibaba Cloud from the Alibaba Cloud SDKs, CLIs, or direct HTTP/HTTPS calls using the APIs for individual Alibaba Cloud services. It is recommended that all access keys be regularly rotated.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.6","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.6 Ensure access keys are rotated every 90 days or less","controlDescription":"An access key consists of an access key ID and a secret, which are used to sign programmatic requests that you make to Alibaba Cloud. RAM users need their own access keys to make programmatic calls to Alibaba Cloud from the Alibaba Cloud SDKs, CLIs, or direct HTTP/HTTPS calls using the APIs for individual Alibaba Cloud services. It is recommended that all access keys be regularly rotated.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.6","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_root_account_unused":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_root_account_unused","org":"turbot","name":"ram_root_account_unused","sql":"select\n 'acs:ram::' || account_id || ':user/' || user_name as resource,\n case\n when user_last_logon is null then 'ok'\n else 'alarm'\n end as status,\n case\n when user_last_logon is null then 'Root account not used.'\n else 'Root account last used ' || extract(day from current_date - user_last_logon) || ' days ago.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_credential_report\nwhere\n user_name = '';\n","tags":{},"tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":198,"endLineNumber":216,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_1","org":"turbot","name":"cis_v100_1_1","mod":"Alibaba Cloud Compliance","title":"1.1 Avoid the use of the 'root' account","description":"An Alibaba Cloud account can be viewed as a 'root' account. The 'root' account has full control permissions to all cloud products and resources under such account. It is highly recommended that the use of this account should be avoided.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.1","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.1 Avoid the use of the 'root' account","controlDescription":"An Alibaba Cloud account can be viewed as a 'root' account. The 'root' account has full control permissions to all cloud products and resources under such account. It is highly recommended that the use of this account should be avoided.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.1","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_root_account_no_access_keys":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_root_account_no_access_keys","org":"turbot","name":"ram_root_account_no_access_keys","sql":"select\n 'acs:ram::' || account_id || ':user/' || user_name as resource,\n case\n when access_key_1_active or access_key_2_active then 'alarm'\n else 'ok'\n end as status,\n case\n when access_key_1_active or access_key_2_active then 'Root account access key exists.'\n else 'No root account access keys exist.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_credential_report\nwhere\n user_name = '';\n","tags":{},"tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":178,"endLineNumber":196,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_2","org":"turbot","name":"cis_v100_1_2","mod":"Alibaba Cloud Compliance","title":"1.2 Ensure no root account access key exists","description":"Access keys provide programmatic access to a given Alibaba Cloud account. It is recommended that all access keys associated with the root account be removed.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.2","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.2 Ensure no root account access key exists","controlDescription":"Access keys provide programmatic access to a given Alibaba Cloud account. It is recommended that all access keys associated with the root account be removed.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.2","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_user_console_access_mfa_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_user_console_access_mfa_enabled","org":"turbot","name":"ram_user_console_access_mfa_enabled","sql":"select\n 'acs:ram::' || account_id || ':user/' || user_name as resource,\n case\n when password_exist and not mfa_active then 'alarm'\n else 'ok'\n end as status,\n case\n when not password_exist then user_name || ' password login disabled.'\n when password_exist and not mfa_active then user_name || ' password login enabled but no MFA device configured.'\n else user_name || ' password login enabled and MFA device configured.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_credential_report;\n","tags":{},"tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":235,"endLineNumber":252,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_4","org":"turbot","name":"cis_v100_1_4","mod":"Alibaba Cloud Compliance","title":"1.4 Ensure that multi-factor authentication is enabled for all RAM users that have a console password","description":"Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabled, when a user logs on to Alibaba Cloud, they will be prompted for their user name and password followed by an authentication code from their virtual MFA device. It is recommended that MFA be enabled for all users that have a console password.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.4","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.4 Ensure that multi-factor authentication is enabled for all RAM users that have a console password","controlDescription":"Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabled, when a user logs on to Alibaba Cloud, they will be prompted for their user name and password followed by an authentication code from their virtual MFA device. It is recommended that MFA be enabled for all users that have a console password.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.4","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_root_account_mfa_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_root_account_mfa_enabled","org":"turbot","name":"ram_root_account_mfa_enabled","sql":"select\n 'acs:ram::' || account_id || ':user/' || user_name as resource,\n case\n when mfa_active then 'ok'\n else 'alarm'\n end as status,\n case\n when mfa_active then user_name || ' MFA enabled.'\n else user_name || ' MFA not enabled.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_credential_report\nwhere\n user_name = '';\n","tags":{},"tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":158,"endLineNumber":176,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_3","org":"turbot","name":"cis_v100_1_3","mod":"Alibaba Cloud Compliance","title":"1.3 Ensure MFA is enabled for the 'root' account","description":"With MFA enabled, anytime the “root” account logs on to Alibaba Cloud, it will be prompted for username and password followed by an authentication code from the virtual MFA device.It is recommended that MFA be enabled for the 'root' user.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.3","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.3 Ensure MFA is enabled for the 'root' account","controlDescription":"With MFA enabled, anytime the “root” account logs on to Alibaba Cloud, it will be prompted for username and password followed by an authentication code from the virtual MFA device.It is recommended that MFA be enabled for the 'root' user.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.3","cis_level":"1","cis_section_id":"1","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_user_unused_90":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_user_unused_90","org":"turbot","name":"ram_user_unused_90","sql":"select\n 'acs:ram::' || account_id || ':user/' || name as resource,\n case\n when last_login_date < current_date - interval '90 days' or last_login_date is null then 'alarm'\n else 'ok'\n end as status,\n case\n when last_login_date is null then name || ' never logged in.'\n else name || ' logged in '|| extract(day from current_date - last_login_date) || ' days ago.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_user;\n","tags":{},"tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":283,"endLineNumber":299,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_5","org":"turbot","name":"cis_v100_1_5","mod":"Alibaba Cloud Compliance","title":"1.5 Ensure users not logged on for 90 days or longer are disabled for console logon","description":"Alibaba Cloud RAM users can logon to Alibaba Cloud console by using their user name and password. If a user has not logged on for 90 days or longer, it is recommended to disable the console access of the user.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.5","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.5 Ensure users not logged on for 90 days or longer are disabled for console logon","controlDescription":"Alibaba Cloud RAM users can logon to Alibaba Cloud console by using their user name and password. If a user has not logged on for 90 days or longer, it is recommended to disable the console access of the user.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.5","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}},"ram_user_no_policies":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ram_user_no_policies","org":"turbot","name":"ram_user_no_policies","sql":"with user_attached_with_policy as (\n select\n distinct name as user_name,\n attached_policy\n from\n alicloud_ram_user,\n jsonb_array_elements(attached_policy) as policies\n where\n attached_policy != '[]'\n)\nselect\n 'acs:ram::' || account_id || ':user/' || name as resource,\n case\n when u.name = p.user_name then 'alarm'\n else 'ok'\n end as status,\n case\n when u.name = p.user_name then name || ' have direct policy attached.'\n else name || ' not have any direct policy attached.'\n end as reason\n , account_id as account_id\nfrom\n alicloud_ram_user u\n left join user_attached_with_policy p on u.name = p.user_name;\n","tags":{},"tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ram.pp","startLineNumber":254,"endLineNumber":281,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_1_16","org":"turbot","name":"cis_v100_1_16","mod":"Alibaba Cloud Compliance","title":"1.16 Ensure RAM policies are attached only to groups or roles","description":"By default, RAM users, groups, and roles have no access to Alibaba Cloud resources. RAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that RAM policies be applied directly to groups and roles but not users.","tags":{"category":"Compliance","cis":"true","cis_item_id":"1.16","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}],"controlTitle":"1.16 Ensure RAM policies are attached only to groups or roles","controlDescription":"By default, RAM users, groups, and roles have no access to Alibaba Cloud resources. RAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that RAM policies be applied directly to groups and roles but not users.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"1.16","cis_level":"1","cis_section_id":"1","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RAM"}}},"action_trail":{"action_trail_oss_bucket_not_public":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/action_trail_oss_bucket_not_public","org":"turbot","name":"action_trail_oss_bucket_not_public","sql":"select\n 'acs' || ':actiontrail:' || trail.region || ':account_id' || ':actiontrail/' || trail.name as resource,\n case\n when bucket.acl <> 'private' then 'alarm'\n else 'ok'\n end as status,\n case\n when bucket.acl <> 'private' then 'oss bucket ' || bucket.name || ' used to store ActionTrail logs is publicly accessible.'\n else 'oss bucket ' || bucket.name || ' used to store ActionTrail logs is not publicly accessible.'\n end as reason\n , trail.account_id as account_id, trail.region as region\nfrom\n alicloud_action_trail as trail\n join alicloud_oss_bucket as bucket on trail.oss_bucket_name = bucket.name;\n","tags":{},"tables":["alicloud.alicloud_action_trail","alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/actiontrail.pp","startLineNumber":25,"endLineNumber":42,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_2_2","org":"turbot","name":"cis_v100_2_2","mod":"Alibaba Cloud Compliance","title":"2.2 Ensure the OSS used to store ActionTrail logs is not publicly accessible","description":"ActionTrail logs a record of every API call made in your Alibaba Cloud account. These logs file are stored in an OSS bucket. It is recommended that the access control list (ACL) of the OSS bucket, which ActionTrail logs to, shall prevent public access to the ActionTrail logs.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.2","cis_level":"1","cis_section_id":"2","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ActionTrail"}}],"controlTitle":"2.2 Ensure the OSS used to store ActionTrail logs is not publicly accessible","controlDescription":"ActionTrail logs a record of every API call made in your Alibaba Cloud account. These logs file are stored in an OSS bucket. It is recommended that the access control list (ACL) of the OSS bucket, which ActionTrail logs to, shall prevent public access to the ActionTrail logs.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"2.2","cis_level":"1","cis_section_id":"2","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ActionTrail"}},"action_trail_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/action_trail_enabled","org":"turbot","name":"action_trail_enabled","sql":"select\n 'acs:actiontrail:' || home_region || ':' || account_id || ':actiontrail/' || name as resource,\n case\n when\n trail_region = 'All'\n and oss_bucket_name is not null\n and sls_project_arn is not null then 'ok'\n else 'alarm'\n end as status,\n case\n when\n trail_region = 'All'\n and oss_bucket_name is not null\n and sls_project_arn is not null then name ' is configured to export copies of all log entries'\n else name ' is not configured to export copies of all log entries'\n end as reason\n , account_id as account_id, region as region\nfrom\n alicloud_action_trail;\n","tags":{},"tables":["alicloud.alicloud_action_trail"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/actiontrail.pp","startLineNumber":1,"endLineNumber":23,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_2_1","org":"turbot","name":"cis_v100_2_1","mod":"Alibaba Cloud Compliance","title":"2.1 Ensure that ActionTrail are configured to export copies of all Log entries","description":"ActionTrail is a web service that records API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the Alibaba Cloud service. ActionTrail provides a history of API calls for an account, including API calls made via the Management Console, SDKs, command line tools.","tags":{"category":"Compliance","cis":"true","cis_item_id":"2.1","cis_level":"1","cis_section_id":"2","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ActionTrail"}}],"controlTitle":"2.1 Ensure that ActionTrail are configured to export copies of all Log entries","controlDescription":"ActionTrail is a web service that records API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the Alibaba Cloud service. ActionTrail provides a history of API calls for an account, including API calls made via the Management Console, SDKs, command line tools.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"2.1","cis_level":"1","cis_section_id":"2","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ActionTrail"}}},"ack":{"cs_kubernetes_cluster_network_policy_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/cs_kubernetes_cluster_network_policy_enabled","org":"turbot","name":"cs_kubernetes_cluster_network_policy_enabled","sql":"with network_policy_enabled as (\n select\n cluster_id\n from\n alicloud_cs_kubernetes_cluster,\n jsonb_array_elements(meta_data -> 'Addons') as a\n where\n a ->> 'name' = 'terway-eniip' and\n regexp_replace(a ->> 'config', '\\\\\"', '\"', 'g') :: jsonb @> '{\"NetworkPolicy\":\"true\"}'\n)\nselect\n arn as resource,\n case\n when a.meta_data -> 'Addons' @> '[{\"name\": \"flannel\"}]' then 'skip'\n when n.cluster_id is null then 'alarm'\n else 'ok'\n end as status,\n case\n when a.meta_data -> 'Addons' @> '[{\"name\": \"flannel\"}]' then a.title || ' does not support network policy.'\n when n.cluster_id is null then a.title || ' network policy disabled.'\n else a.title || ' network policy enabled.'\n end as reason\n \n , a.account_id as account_id, a.region as region\nfrom\n alicloud_cs_kubernetes_cluster a\n left join network_policy_enabled n on a.cluster_id = n.cluster_id;\n","tags":{},"tables":["alicloud.alicloud_cs_kubernetes_cluster"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/cs.pp","startLineNumber":33,"endLineNumber":63,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_7_7","org":"turbot","name":"cis_v100_7_7","mod":"Alibaba Cloud Compliance","title":"7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters","description":"A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods. The Kubernetes Network Policy API allows the cluster administrator to specify what pods are allowed to communicate with each other.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.7","cis_level":"1","cis_section_id":"7","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ACK"}}],"controlTitle":"7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters","controlDescription":"A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods. The Kubernetes Network Policy API allows the cluster administrator to specify what pods are allowed to communicate with each other.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"7.7","cis_level":"1","cis_section_id":"7","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ACK"}},"cs_kubernetes_cluster_ipvlan_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/cs_kubernetes_cluster_ipvlan_enabled","org":"turbot","name":"cs_kubernetes_cluster_ipvlan_enabled","sql":"with network_policy_enabled as (\n select\n cluster_id\n from\n alicloud_cs_kubernetes_cluster,\n jsonb_array_elements(meta_data -> 'Addons') as a\n where\n a ->> 'name' = 'terway-eniip' and\n regexp_replace(a ->> 'config', '\\\\\"', '\"', 'g') :: jsonb @> '{\"IPVlan\":\"true\"}'\n)\nselect\n arn as resource,\n case\n when a.meta_data -> 'Addons' @> '[{\"name\": \"flannel\"}]' then 'skip'\n when n.cluster_id is null then 'alarm'\n else 'ok'\n end as status,\n case\n when a.meta_data -> 'Addons' @> '[{\"name\": \"flannel\"}]' then a.title || ' does not support IPVlan.'\n when n.cluster_id is null then a.title || ' IPVlan disabled.'\n else a.title || ' IPVlan enabled.'\n end as reason\n \n , a.account_id as account_id, a.region as region\nfrom\n alicloud_cs_kubernetes_cluster a\n left join network_policy_enabled n on a.cluster_id = n.cluster_id;\n","tags":{},"tables":["alicloud.alicloud_cs_kubernetes_cluster"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/cs.pp","startLineNumber":1,"endLineNumber":31,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_7_8","org":"turbot","name":"cis_v100_7_8","mod":"Alibaba Cloud Compliance","title":"7.8 Ensure ENI multiple IP mode support for Kubernetes Cluster","description":"Alibaba Cloud ENI (Elastic Network Interface) has supported assign ranges of internal IP addresses as aliases to a single virtual machine's ENI network interfaces. This is useful if you have lots of services running on a VM and you want to assign each service a different IP address without quota limitation.","tags":{"category":"Compliance","cis":"true","cis_item_id":"7.8","cis_level":"1","cis_section_id":"7","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ACK"}}],"controlTitle":"7.8 Ensure ENI multiple IP mode support for Kubernetes Cluster","controlDescription":"Alibaba Cloud ENI (Elastic Network Interface) has supported assign ranges of internal IP addresses as aliases to a single virtual machine's ENI network interfaces. This is useful if you have lots of services running on a VM and you want to assign each service a different IP address without quota limitation.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"7.8","cis_level":"1","cis_section_id":"7","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ACK"}}},"ecs":{"ecs_unattached_disk_encryption_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_unattached_disk_encryption_enabled","org":"turbot","name":"ecs_unattached_disk_encryption_enabled","sql":"select\n arn as resource,\n case\n when encrypted then 'ok'\n else 'alarm'\n end as status,\n case\n when encrypted then title || ' encryption enabled.'\n else title || ' encryption disabled.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_ecs_disk\nwhere\n status = 'Available';\n","tags":{},"tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":149,"endLineNumber":168,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_4_1","org":"turbot","name":"cis_v100_4_1","mod":"Alibaba Cloud Compliance","title":"4.1 Ensure that 'Unattached disks' are encrypted","description":"Ensure that unattached disks in a subscription are encrypted.","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.1","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"4.1 Ensure that 'Unattached disks' are encrypted","controlDescription":"Ensure that unattached disks in a subscription are encrypted.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"4.1","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}},"ecs_disk_encryption_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_disk_encryption_enabled","org":"turbot","name":"ecs_disk_encryption_enabled","sql":"select\n arn as resource,\n case\n when encrypted then 'ok'\n else 'alarm'\n end as status,\n case\n when encrypted then title || ' encryption enabled.'\n else title || ' encryption disabled.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_ecs_disk\nwhere\n status = 'In_use';\n","tags":{},"tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":1,"endLineNumber":20,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_4_2","org":"turbot","name":"cis_v100_4_2","mod":"Alibaba Cloud Compliance","title":"4.2 Ensure that 'Virtual Machine’s disk' are encrypted","description":"Ensure that disk are encrypted when it is created with the creation of VM instance.","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.2","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"4.2 Ensure that 'Virtual Machine’s disk' are encrypted","controlDescription":"Ensure that disk are encrypted when it is created with the creation of VM instance.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"4.2","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}},"ecs_instance_with_no_legacy_network":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_instance_with_no_legacy_network","org":"turbot","name":"ecs_instance_with_no_legacy_network","sql":"select\n arn as resource,\n case\n when instance_network_type = 'vpc' then 'ok'\n else 'alarm'\n end as status,\n case\n when instance_network_type = 'vpc' then title || ' has VPC network.'\n else title || ' has legacy network.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_ecs_instance;\n","tags":{},"tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":22,"endLineNumber":39,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_3_1","org":"turbot","name":"cis_v100_3_1","mod":"Alibaba Cloud Compliance","title":"3.1 Ensure legacy networks does not exist","description":"In order to prevent use of legacy networks, ECS instances should not have a legacy network configured.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.1","cis_level":"1","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"3.1 Ensure legacy networks does not exist","controlDescription":"In order to prevent use of legacy networks, ECS instances should not have a legacy network configured.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"3.1","cis_level":"1","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}},"ecs_security_group_restrict_ingress_rdp_all":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_security_group_restrict_ingress_rdp_all","org":"turbot","name":"ecs_security_group_restrict_ingress_rdp_all","sql":"with bad_groups as (\n select\n distinct arn\n from\n alicloud_ecs_security_group,\n jsonb_array_elements(permissions) as p\n where\n p ->> 'Policy' = 'Accept'\n and p ->> 'Direction' = 'ingress'\n and p ->> 'SourceCidrIp' = '0.0.0.0/0'\n and (\n p ->> 'PortRange' in ('-1/-1', '3389/3389')\n or (3389 between split_part(p ->> 'PortRange', '/', 1) :: int and split_part(p ->> 'PortRange', '/', 2) :: int)\n )\n)\nselect\n a.arn as resource,\n case\n when b.arn is null then 'ok'\n else 'alarm'\n end as status,\n case\n when b.arn is null then a.security_group_id || ' does not allow ingress from 0.0.0.0/0 to port 3389.'\n else a.security_group_id || ' allow ingress from 0.0.0.0/0 to port 3389.'\n end as reason\n \n , a.account_id as account_id, a.region as region\nfrom\n alicloud_ecs_security_group as a\nleft join bad_groups as b on a.arn = b.arn;\n","tags":{},"tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":79,"endLineNumber":112,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_4_4","org":"turbot","name":"cis_v100_4_4","mod":"Alibaba Cloud Compliance","title":"4.4 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389","description":"Security groups provide filtering of ingress/egress network traffic to Aliyun resources. It is recommended that no security group allows unrestricted ingress access to port 3389.","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.4","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"4.4 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389","controlDescription":"Security groups provide filtering of ingress/egress network traffic to Aliyun resources. It is recommended that no security group allows unrestricted ingress access to port 3389.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"4.4","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}},"ecs_security_group_restrict_ingress_ssh_all":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_security_group_restrict_ingress_ssh_all","org":"turbot","name":"ecs_security_group_restrict_ingress_ssh_all","sql":"with bad_groups as (\n select\n distinct arn\n from\n alicloud_ecs_security_group,\n jsonb_array_elements(permissions) as p\n where\n p ->> 'Policy' = 'Accept'\n and p ->> 'Direction' = 'ingress'\n and p ->> 'SourceCidrIp' = '0.0.0.0/0'\n and (\n p ->> 'PortRange' in ('-1/-1', '22/22')\n or (22 between split_part(p ->> 'PortRange', '/', 1) :: int and split_part(p ->> 'PortRange', '/', 2) :: int)\n )\n)\nselect\n a.arn as resource,\n case\n when b.arn is null then 'ok'\n else 'alarm'\n end as status,\n case\n when b.arn is null then a.security_group_id || ' does not allow ingress from 0.0.0.0/0 to port 22.'\n else a.security_group_id || ' allow ingress from 0.0.0.0/0 to port 22.'\n end as reason\n \n , a.account_id as account_id, a.region as region\nfrom\n alicloud_ecs_security_group as a\n left join bad_groups as b on a.arn = b.arn;\n","tags":{},"tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":114,"endLineNumber":147,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_4_3","org":"turbot","name":"cis_v100_4_3","mod":"Alibaba Cloud Compliance","title":"4.3 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22","description":"Security groups provide stateful filtering of ingress/egress network traffic to Alibaba Cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22.","tags":{"category":"Compliance","cis":"true","cis_item_id":"4.3","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"4.3 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22","controlDescription":"Security groups provide stateful filtering of ingress/egress network traffic to Alibaba Cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"4.3","cis_level":"1","cis_section_id":"4","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}},"ecs_security_group_remote_administration":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/ecs_security_group_remote_administration","org":"turbot","name":"ecs_security_group_remote_administration","sql":"$58","tags":{},"tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/ecs.pp","startLineNumber":41,"endLineNumber":77,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_3_2","org":"turbot","name":"cis_v100_3_2","mod":"Alibaba Cloud Compliance","title":"3.2 Ensure that SSH access is restricted from the internet","description":"Security groups provide stateful filtering of ingress/egress network traffic to Alibaba Cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22 or port 3389.","tags":{"category":"Compliance","cis":"true","cis_item_id":"3.2","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}],"controlTitle":"3.2 Ensure that SSH access is restricted from the internet","controlDescription":"Security groups provide stateful filtering of ingress/egress network traffic to Alibaba Cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22 or port 3389.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"3.2","cis_level":"2","cis_section_id":"3","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/ECS"}}},"oss":{"oss_bucket_encrypted_with_byok":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/oss_bucket_encrypted_with_byok","org":"turbot","name":"oss_bucket_encrypted_with_byok","sql":"select\n 'acs:oss:::' || b.name as resource,\n case\n when server_side_encryption ->> 'SSEAlgorithm' = 'KMS' and k.creator = k.account_id then 'ok'\n else 'alarm'\n end as status,\n case\n when server_side_encryption ->> 'SSEAlgorithm' = 'KMS' and k.creator = k.account_id then b.title || ' encrypted with BYOK.'\n else b.title || ' not encrypted with BYOK.'\n end as reason\n \n , b.account_id as account_id, b.region as region\nfrom\n alicloud_oss_bucket b\n left join alicloud_kms_key k on b.server_side_encryption ->> 'KMSMasterKeyID' = k.key_id;\n","tags":{},"tables":["alicloud.alicloud_kms_key","alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/oss.pp","startLineNumber":1,"endLineNumber":19,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_5_9","org":"turbot","name":"cis_v100_5_9","mod":"Alibaba Cloud Compliance","title":"5.9 Ensure server-side encryption is set to 'Encrypt with BYOK'","description":"Enable server-side encryption (Encrypt with BYOK) for objects.","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.9","cis_level":"2","cis_section_id":"5","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}],"controlTitle":"5.9 Ensure server-side encryption is set to 'Encrypt with BYOK'","controlDescription":"Enable server-side encryption (Encrypt with BYOK) for objects.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"5.9","cis_level":"2","cis_section_id":"5","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}},"oss_bucket_encrypted_with_servcie_key":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/oss_bucket_encrypted_with_servcie_key","org":"turbot","name":"oss_bucket_encrypted_with_servcie_key","sql":"select\n 'acs:oss:::' || b.name as resource,\n case\n when server_side_encryption ->> 'SSEAlgorithm' = 'KMS' and k.creator = 'Oss' then 'ok'\n else 'alarm'\n end as status,\n case\n when server_side_encryption ->> 'SSEAlgorithm' = 'KMS' and k.creator = 'Oss' then b.title || ' encrypted with Service Key.'\n else b.title || ' not encrypted with Service Key.'\n end as reason\n \n , b.account_id as account_id, b.region as region\nfrom\n alicloud_oss_bucket b\n left join alicloud_kms_key k on b.server_side_encryption ->> 'KMSMasterKeyID' = k.key_id;\n","tags":{},"tables":["alicloud.alicloud_kms_key","alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/oss.pp","startLineNumber":21,"endLineNumber":39,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_5_8","org":"turbot","name":"cis_v100_5_8","mod":"Alibaba Cloud Compliance","title":"5.8 Ensure server-side encryption is set to 'Encrypt with Service Key'","description":"Enable server-side encryption (Encrypt with Service Key) for objects.","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.8","cis_level":"2","cis_section_id":"5","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}],"controlTitle":"5.8 Ensure server-side encryption is set to 'Encrypt with Service Key'","controlDescription":"Enable server-side encryption (Encrypt with Service Key) for objects.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"5.8","cis_level":"2","cis_section_id":"5","cis_type":"manual","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}},"oss_bucket_logging_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-insights/queries/oss_bucket_logging_enabled","org":"turbot","name":"oss_bucket_logging_enabled","sql":"select\n 'Logging' as label,\n case when (logging ->> 'TargetBucket') <> '' then 'Enabled' else 'Disabled' end as value,\n case when (logging ->> 'TargetBucket') <> '' then 'ok' else 'alert' end as type\nfrom\n alicloud_oss_bucket\nwhere\n arn = $1;\n","tags":{},"tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"dashboards/oss/oss_bucket_detail.pp","startLineNumber":256,"endLineNumber":268,"modSourceName":"steampipe-mod-alicloud-insights","dashboards":[{"dashboard":"oss_bucket_detail","type":"dashboard","title":"AliCloud OSS Bucket Detail","org":"turbot","name":"alicloud_insights","sourceName":"steampipe-mod-alicloud-insights"}],"isControlQuery":false,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_5_3","org":"turbot","name":"cis_v100_5_3","mod":"Alibaba Cloud Compliance","title":"5.3 Ensure that logging is enabled for OSS buckets","description":"OSS Bucket Access Logging generates a log that contains access records for each request made to your OSS bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. It is recommended that bucket access logging be enabled on the OSS bucket.","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.3","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}],"controlTitle":"5.3 Ensure that logging is enabled for OSS buckets","controlDescription":"OSS Bucket Access Logging generates a log that contains access records for each request made to your OSS bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. It is recommended that bucket access logging be enabled on the OSS bucket.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"5.3","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}},"oss_bucket_public_access_blocked":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/oss_bucket_public_access_blocked","org":"turbot","name":"oss_bucket_public_access_blocked","sql":"select\n 'acs:oss:::' || name as resource,\n case\n when acl = 'private' then 'ok'\n else 'alarm'\n end as status,\n case\n when acl = 'private' then title || ' not publicly accessible.'\n else name || ' publicly accessible.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_oss_bucket;\n","tags":{},"tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/oss.pp","startLineNumber":97,"endLineNumber":114,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_5_1","org":"turbot","name":"cis_v100_5_1","mod":"Alibaba Cloud Compliance","title":"5.1 Ensure that OSS bucket is not anonymously or publicly accessible","description":"It is recommended that the access policy on OSS bucket does not allows anonymous and/or public access.","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.1","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}],"controlTitle":"5.1 Ensure that OSS bucket is not anonymously or publicly accessible","controlDescription":"It is recommended that the access policy on OSS bucket does not allows anonymous and/or public access.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"5.1","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}},"oss_bucket_enforces_ssl":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/oss_bucket_enforces_ssl","org":"turbot","name":"oss_bucket_enforces_ssl","sql":"with ssl_ok as (\n select\n distinct name,\n 'ok' as status\n from\n alicloud_oss_bucket,\n jsonb_array_elements(policy -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal') as p,\n jsonb_array_elements_text(s -> 'Resource') as r,\n jsonb_array_elements_text(\n s -> 'Condition' -> 'Bool' -> 'acs:SecureTransport'\n ) as ssl\n where\n p = '*'\n and s ->> 'Effect' = 'Deny'\n and ssl :: bool = false\n)\nselect\n 'acs:oss:::' || b.name as resource,\n case\n when ok.status = 'ok' then 'ok'\n else 'alarm'\n end status,\n case\n when ok.status = 'ok' then b.title || ' bucket policy enforces HTTPS.'\n else b.title || ' bucket policy does not enforce HTTPS.'\n end reason\n \n , b.account_id as account_id, b.region as region\nfrom\n alicloud_oss_bucket as b\n left join ssl_ok as ok on ok.name = b.name;\n","tags":{},"tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/oss.pp","startLineNumber":41,"endLineNumber":76,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_5_4","org":"turbot","name":"cis_v100_5_4","mod":"Alibaba Cloud Compliance","title":"5.4 Ensure that 'Secure transfer required' is set to 'Enabled'","description":"Enable the data encryption in transit.","tags":{"category":"Compliance","cis":"true","cis_item_id":"5.4","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}],"controlTitle":"5.4 Ensure that 'Secure transfer required' is set to 'Enabled'","controlDescription":"Enable the data encryption in transit.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"5.4","cis_level":"1","cis_section_id":"5","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/OSS"}}},"rds":{"rds_instance_tde_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_tde_enabled","org":"turbot","name":"rds_instance_tde_enabled","sql":"select\n arn as resource,\n case\n when tde_status = 'Enabled' then 'ok'\n else 'alarm'\n end as status,\n case\n when tde_status = 'Enabled' then title || ' TDE enabled.'\n else title || ' TDE disabled.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":138,"endLineNumber":155,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_5","org":"turbot","name":"cis_v100_6_5","mod":"Alibaba Cloud Compliance","title":"6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance","description":"Enable Transparent Data Encryption on every RDS instance.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.5","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance","controlDescription":"Enable Transparent Data Encryption on every RDS instance.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.5","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_sql_audit_retention_period_180_days":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_sql_audit_retention_period_180_days","org":"turbot","name":"rds_instance_sql_audit_retention_period_180_days","sql":"select\n arn as resource,\n case\n when sql_collector_retention > 180 then 'ok'\n else 'alarm'\n end as status,\n title || ' SQL audit enabled with retention period ' || sql_collector_retention || ' days.'\n as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":102,"endLineNumber":117,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_4","org":"turbot","name":"cis_v100_6_4","mod":"Alibaba Cloud Compliance","title":"6.4 Ensure that 'Auditing' Retention is 'greater than 6 months'","description":"Database SQL Audit Retention should be configured to be greater than 90 days.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.4","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.4 Ensure that 'Auditing' Retention is 'greater than 6 months'","controlDescription":"Database SQL Audit Retention should be configured to be greater than 90 days.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.4","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_postgresql_log_disconnections_parameter_on":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_postgresql_log_disconnections_parameter_on","org":"turbot","name":"rds_instance_postgresql_log_disconnections_parameter_on","sql":"select\n arn as resource,\n case\n when engine != 'PostgreSQL' then 'skip'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_disconnections\", \"ParameterValue\": \"on\"}]' then 'ok'\n else 'alarm'\n end as status,\n case\n when engine != 'PostgreSQL' then title || ' is ' || engine || ' server.'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_disconnections\", \"ParameterValue\": \"on\"}]' then title || ' ''log_disconnections'' parameter set to ''on''.'\n else title || ' ''log_disconnections'' parameter set to ''off''.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":22,"endLineNumber":41,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_8","org":"turbot","name":"cis_v100_6_8","mod":"Alibaba Cloud Compliance","title":"6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server","description":"Enable log_disconnections on PostgreSQL Servers.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.8","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server","controlDescription":"Enable log_disconnections on PostgreSQL Servers.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.8","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_postgresql_log_duration_parameter_on":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_postgresql_log_duration_parameter_on","org":"turbot","name":"rds_instance_postgresql_log_duration_parameter_on","sql":"select\n arn as resource,\n case\n when engine != 'PostgreSQL' then 'skip'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_duration\", \"ParameterValue\": \"on\"}]' then 'ok'\n else 'alarm'\n end as status,\n case\n when engine != 'PostgreSQL' then title || ' is ' || engine || ' server.'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_duration\", \"ParameterValue\": \"on\"}]' then title || ' ''log_duration'' parameter set to ''on''.'\n else title || ' ''log_duration'' parameter set to ''off''.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":43,"endLineNumber":62,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_9","org":"turbot","name":"cis_v100_6_9","mod":"Alibaba Cloud Compliance","title":"6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server","description":"Enable log_duration on PostgreSQL Servers.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.9","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server","controlDescription":"Enable log_duration on PostgreSQL Servers.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.9","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_restrict_access_to_internet":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_restrict_access_to_internet","org":"turbot","name":"rds_instance_restrict_access_to_internet","sql":"select\n arn as resource,\n case\n when security_ips :: jsonb ? '0.0.0.0/0' then 'alarm'\n else 'ok'\n end as status,\n case\n when security_ips :: jsonb ? '0.0.0.0/0' then title || ' publicly accessible.'\n else title || ' not publicly accessible.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":64,"endLineNumber":81,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_2","org":"turbot","name":"cis_v100_6_2","mod":"Alibaba Cloud Compliance","title":"6.2 Ensure that RDS Instances are not open to the world","description":"Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from the world.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.2","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.2 Ensure that RDS Instances are not open to the world","controlDescription":"Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from the world.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.2","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_postgresql_log_connections_parameter_on":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_postgresql_log_connections_parameter_on","org":"turbot","name":"rds_instance_postgresql_log_connections_parameter_on","sql":"select\n arn as resource,\n case\n when engine != 'PostgreSQL' then 'skip'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_connections\", \"ParameterValue\": \"on\"}]' then 'ok'\n else 'alarm'\n end as status,\n case\n when engine != 'PostgreSQL' then title || ' is ' || engine || ' server.'\n when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{\"ParameterName\": \"log_connections\", \"ParameterValue\": \"on\"}]' then title || ' ''log_connections'' parameter set to ''on''.'\n else title || ' ''log_connections'' parameter set to ''off''.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":1,"endLineNumber":20,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_7","org":"turbot","name":"cis_v100_6_7","mod":"Alibaba Cloud Compliance","title":"6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database","description":"Enable log_connections on PostgreSQL Servers.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.7","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database","controlDescription":"Enable log_connections on PostgreSQL Servers.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.7","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_ssl_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_ssl_enabled","org":"turbot","name":"rds_instance_ssl_enabled","sql":"select\n arn as resource,\n case\n when ssl_status = 'Enabled' then 'ok'\n else 'alarm'\n end as status,\n case\n when ssl_status = 'Enabled' then title || ' SSL enabled.'\n else title || ' SSL disabled.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":119,"endLineNumber":136,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_1","org":"turbot","name":"cis_v100_6_1","mod":"Alibaba Cloud Compliance","title":"6.1 Ensure that RDS instance requires all incoming connections to use SSL","description":"It is recommended to enforce all incoming connections to SQL database instance to use SSL.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.1","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.1 Ensure that RDS instance requires all incoming connections to use SSL","controlDescription":"It is recommended to enforce all incoming connections to SQL database instance to use SSL.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.1","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}},"rds_instance_sql_audit_enabled":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/rds_instance_sql_audit_enabled","org":"turbot","name":"rds_instance_sql_audit_enabled","sql":"select\n arn as resource,\n case\n when sql_collector_policy ->> 'SQLCollectorStatus' = 'Enable' then 'ok'\n else 'alarm'\n end as status,\n case\n when sql_collector_policy ->> 'SQLCollectorStatus' = 'Enable' then title || ' SQL audit enabled.'\n else title || ' SQL audit disabled.'\n end as reason\n \n , account_id as account_id, region as region\nfrom\n alicloud_rds_instance;\n","tags":{},"tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/rds.pp","startLineNumber":83,"endLineNumber":100,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_6_3","org":"turbot","name":"cis_v100_6_3","mod":"Alibaba Cloud Compliance","title":"6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances","description":"Enable SQL auditing on all RDS except SQL Server 2012/2016/2017 and MariaDB TX.","tags":{"category":"Compliance","cis":"true","cis_item_id":"6.3","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}],"controlTitle":"6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances","controlDescription":"Enable SQL auditing on all RDS except SQL Server 2012/2016/2017 and MariaDB TX.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"6.3","cis_level":"1","cis_section_id":"6","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/RDS"}}},"security_center":{"security_center_advanced_or_enterprise_edition":{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/queries/security_center_advanced_or_enterprise_edition","org":"turbot","name":"security_center_advanced_or_enterprise_edition","sql":"select\n account_id as resource,\n case\n when version in ('2', '3', '5') then 'ok'\n else 'alarm'\n end as status,\n case\n when version in ('2','3') then 'Security Center Enterprise edition enabled.'\n when version in ('5') then 'Security Center Advanced edition enabled.'\n else 'Security Center Enterprise or Advanced edition disabled.'\n end as reason\n , account_id as account_id, region as region\nfrom\n alicloud_security_center_version;\n","tags":{},"tables":["alicloud.alicloud_security_center_version"],"plugins":["turbot/alicloud"],"sourceDefinitionRepoPath":"query/securitycenter.pp","startLineNumber":1,"endLineNumber":18,"modSourceName":"steampipe-mod-alicloud-compliance","dashboards":[],"isControlQuery":true,"controls":[{"path":"/mods/turbot/steampipe-mod-alicloud-compliance/benchmarks/control.cis_v100_8_1","org":"turbot","name":"cis_v100_8_1","mod":"Alibaba Cloud Compliance","title":"8.1 Ensure that Security Center is Advanced or Enterprise Edition","description":"The Advanced or Enterprise Edition enables threat detection for network and endpoints, providing malware detection, webshell detection and anomaly detection in Security Center.","tags":{"category":"Compliance","cis":"true","cis_item_id":"8.1","cis_level":"2","cis_section_id":"8","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/SecurityCenter"}}],"controlTitle":"8.1 Ensure that Security Center is Advanced or Enterprise Edition","controlDescription":"The Advanced or Enterprise Edition enables threat detection for network and endpoints, providing malware detection, webshell detection and anomaly detection in Security Center.","controlTags":{"category":"Compliance","cis":"true","cis_item_id":"8.1","cis_level":"2","cis_section_id":"8","cis_type":"automated","cis_version":"v1.0.0","plugin":"alicloud","service":"AliCloud/SecurityCenter"}}}},"examples":{"account":{},"action_trail":{"example_list_enabled_trails":{"org":"turbot","tables":["alicloud.alicloud_action_trail"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_action_trail.md","folder":"ActionTrail","title":"List enabled trails","titleLine":37,"name":"example_list_enabled_trails","id":"example_list_enabled_trails","description":"Discover the segments that are actively monitoring your Alibaba Cloud resources. This query will help you understand which of your action trails are currently enabled and actively logging events, providing insights into your system's security and compliance.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n name,\n home_region,\n event_rw,\n status,\n trail_region\nfrom\n alicloud_action_trail\nwhere\n status = 'Enable';","startLine":40,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n home_region,\n event_rw,\n status,\n trail_region\nfrom\n alicloud_action_trail\nwhere\n status = 'Enable';","startLine":53,"endLine":64}],"isExampleQuery":true},"example_list_multi_account_trails":{"org":"turbot","tables":["alicloud.alicloud_action_trail"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_action_trail.md","folder":"ActionTrail","title":"List multi-account trails","titleLine":66,"name":"example_list_multi_account_trails","id":"example_list_multi_account_trails","description":"This query is useful for identifying all the action trails that are set up across multiple accounts in your organization. It helps in understanding the configuration and status of these trails, which can be beneficial for auditing and compliance purposes.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n name,\n home_region,\n is_organization_trail,\n status,\n trail_region\nfrom\n alicloud_action_trail\nwhere\n is_organization_trail;","startLine":69,"endLine":80},{"lang":"sql+sqlite","code":"select\n name,\n home_region,\n is_organization_trail,\n status,\n trail_region\nfrom\n alicloud_action_trail\nwhere\n is_organization_trail = 1;","startLine":82,"endLine":93}],"isExampleQuery":true},"example_list_shadow_trails":{"org":"turbot","tables":["alicloud.alicloud_action_trail"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_action_trail.md","folder":"ActionTrail","title":"List shadow trails","titleLine":95,"name":"example_list_shadow_trails","id":"example_list_shadow_trails","description":"Determine the areas in which Alicloud's action trails are active across all regions, but their home region is different. This can be useful for understanding the distribution and operation of action trails in different regions.","descriptionStartLine":96,"queries":[{"lang":"sql+postgres","code":"select\n name,\n region,\n home_region\nfrom\n alicloud_action_trail\nwhere\n trail_region = 'All'\n and home_region <> region;","startLine":98,"endLine":108},{"lang":"sql+sqlite","code":"select\n name,\n region,\n home_region\nfrom\n alicloud_action_trail\nwhere\n trail_region = 'All'\n and home_region <> region;","startLine":110,"endLine":120}],"isExampleQuery":true}},"dns":{"example_list_expired_domain_instances":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"List expired domain instances","titleLine":35,"name":"example_list_expired_domain_instances","id":"example_list_expired_domain_instances","description":"Identify expired domain instances to ensure timely renewals and avoid service disruptions.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n domain_name,\n domain_id,\n instance_expired,\n instance_end_time\nfrom\n alicloud_alidns_domain\nwhere\n instance_expired;","startLine":38,"endLine":48},{"lang":"sql+sqlite","code":"select\n domain_name,\n domain_id,\n instance_expired,\n instance_end_time\nfrom\n alicloud_alidns_domain\nwhere\n instance_expired = 1;","startLine":50,"endLine":60}],"isExampleQuery":true},"example_list_star_marked_domains":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"List star-marked domains","titleLine":62,"name":"example_list_star_marked_domains","id":"example_list_star_marked_domains","description":"Explore domains marked as \"star domains\" for prioritization or special handling.","descriptionStartLine":63,"queries":[{"lang":"sql+postgres","code":"select\n domain_name,\n domain_id,\n starmark\nfrom\n alicloud_alidns_domain\nwhere\n starmark;","startLine":65,"endLine":74},{"lang":"sql+sqlite","code":"select\n domain_name,\n domain_id,\n starmark\nfrom\n alicloud_alidns_domain\nwhere\n starmark = 1;","startLine":76,"endLine":85}],"isExampleQuery":true},"example_list_dns_servers_for_a_domain":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"List DNS servers for a domain","titleLine":87,"name":"example_list_dns_servers_for_a_domain","id":"example_list_dns_servers_for_a_domain","description":"Retrieve the DNS servers associated with a specific domain to verify the configuration.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n domain_name,\n dns_servers\nfrom\n alicloud_alidns_domain\nwhere\n domain_name = 'example.com';","startLine":90,"endLine":98},{"lang":"sql+sqlite","code":"select\n domain_name,\n dns_servers\nfrom\n alicloud_alidns_domain\nwhere\n domain_name = 'example.com';","startLine":100,"endLine":108}],"isExampleQuery":true},"example_list_domains_with_high_record_counts":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"List domains with high record counts","titleLine":110,"name":"example_list_domains_with_high_record_counts","id":"example_list_domains_with_high_record_counts","description":"Identify domains with a high number of DNS records for optimization and management.","descriptionStartLine":111,"queries":[{"lang":"sql+postgres","code":"select\n domain_name,\n record_count\nfrom\n alicloud_alidns_domain\nwhere\n record_count > 100;","startLine":113,"endLine":121},{"lang":"sql+sqlite","code":"select\n domain_name,\n record_count\nfrom\n alicloud_alidns_domain\nwhere\n record_count > 100;","startLine":123,"endLine":131}],"isExampleQuery":true},"example_domains_by_resource_group":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"Domains by resource group","titleLine":133,"name":"example_domains_by_resource_group","id":"example_domains_by_resource_group","description":"Group domains by their resource group IDs to analyze resource allocation and usage.","descriptionStartLine":134,"queries":[{"lang":"sql+postgres","code":"select\n resource_group_id,\n count(*) as domain_count\nfrom\n alicloud_alidns_domain\ngroup by\n resource_group_id;","startLine":136,"endLine":144},{"lang":"sql+sqlite","code":"select\n resource_group_id,\n count(*) as domain_count\nfrom\n alicloud_alidns_domain\ngroup by\n resource_group_id;","startLine":146,"endLine":154}],"isExampleQuery":true},"example_domains_with_remarks":{"org":"turbot","tables":["alicloud.alicloud_alidns_domain"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_alidns_domain.md","folder":"DNS","title":"Domains with remarks","titleLine":156,"name":"example_domains_with_remarks","id":"example_domains_with_remarks","description":"Retrieve all domains that have remarks for additional metadata or notes.","descriptionStartLine":157,"queries":[{"lang":"sql+postgres","code":"select\n domain_name,\n remark\nfrom\n alicloud_alidns_domain\nwhere\n remark is not null;","startLine":159,"endLine":167},{"lang":"sql+sqlite","code":"select\n domain_name,\n remark\nfrom\n alicloud_alidns_domain\nwhere\n remark is not null;","startLine":169,"endLine":177}],"isExampleQuery":true}},"cas":{"example_list_expired_certificates":{"org":"turbot","tables":["alicloud.alicloud_cas_certificate"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cas_certificate.md","folder":"CAS","title":"List expired certificates","titleLine":35,"name":"example_list_expired_certificates","id":"example_list_expired_certificates","description":"Explore which certificates have expired to ensure your systems remain secure and up-to-date. This is crucial as expired certificates can lead to security vulnerabilities and system downtime.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n name,\n id,\n issuer,\n expired\nfrom\n alicloud_cas_certificate\nwhere\n expired;","startLine":38,"endLine":48},{"lang":"sql+sqlite","code":"select\n name,\n id,\n issuer,\n expired\nfrom\n alicloud_cas_certificate\nwhere\n expired = 1;","startLine":50,"endLine":60}],"isExampleQuery":true},"example_list_third_party_certificates":{"org":"turbot","tables":["alicloud.alicloud_cas_certificate"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cas_certificate.md","folder":"CAS","title":"List third-party certificates","titleLine":62,"name":"example_list_third_party_certificates","id":"example_list_third_party_certificates","description":"Discover the segments that contain third-party certificates in the Alicloud CAS service. This can be useful to identify certificates not purchased through Alicloud, potentially highlighting areas of cost savings or security risks.","descriptionStartLine":63,"queries":[{"lang":"sql+postgres","code":"select\n name,\n id,\n issuer,\n buy_in_aliyun\nfrom\n alicloud_cas_certificate\nwhere\n not buy_in_aliyun;","startLine":65,"endLine":75},{"lang":"sql+sqlite","code":"select\n name,\n id,\n issuer,\n buy_in_aliyun\nfrom\n alicloud_cas_certificate\nwhere\n buy_in_aliyun = 0;","startLine":77,"endLine":87}],"isExampleQuery":true}},"cms":{"example_get_the_status_of_each_host":{"org":"turbot","tables":["alicloud.alicloud_cms_monitor_host"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cms_monitor_host.md","folder":"CMS","title":"Get the status of each host","titleLine":39,"name":"example_get_the_status_of_each_host","id":"example_get_the_status_of_each_host","description":"This query allows you to assess the status of each host within your cloud management system. It provides valuable insights into which hosts are active, which are inactive, and which have automatic installation enabled, aiding in efficient system management and troubleshooting.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n host_name,\n m ->> 'InstanceId' as instance_id,\n m -> 'AutoInstall' as auto_install,\n m -> 'Status' as status\nfrom\n alicloud_cms_monitor_host,\n jsonb_array_elements(monitoring_agent_status) as m;","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n host_name,\n json_extract(m.value, '$.InstanceId') as instance_id,\n json_extract(m.value, '$.AutoInstall') as auto_install,\n json_extract(m.value, '$.Status') as status\nfrom\n alicloud_cms_monitor_host,\n json_each(monitoring_agent_status) as m;","startLine":53,"endLine":62}],"isExampleQuery":true},"example_list_hosts_provided_by_alibaba_cloud":{"org":"turbot","tables":["alicloud.alicloud_cms_monitor_host"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cms_monitor_host.md","folder":"CMS","title":"List hosts provided by Alibaba Cloud","titleLine":64,"name":"example_list_hosts_provided_by_alibaba_cloud","id":"example_list_hosts_provided_by_alibaba_cloud","description":"Discover the segments that consist of hosts provided by Alibaba Cloud. This can be beneficial for understanding your cloud resource distribution and for managing your cloud infrastructure more effectively.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n host_name,\n is_aliyun_host\nfrom\n alicloud_cms_monitor_host\nwhere\n is_aliyun_host;","startLine":67,"endLine":75},{"lang":"sql+sqlite","code":"select\n host_name,\n is_aliyun_host\nfrom\n alicloud_cms_monitor_host\nwhere\n is_aliyun_host = 1;","startLine":77,"endLine":85}],"isExampleQuery":true}},"cs":{"example_list_running_clusters":{"org":"turbot","tables":["alicloud.alicloud_cs_kubernetes_cluster"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cs_kubernetes_cluster.md","folder":"CS","title":"List running clusters","titleLine":37,"name":"example_list_running_clusters","id":"example_list_running_clusters","description":"Determine the areas in which active clusters are operating to manage resources and ensure optimal performance. This query is useful for maintaining system efficiency and preventing overutilization of resources.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n name,\n cluster_id,\n state,\n size,\n cluster_type\nfrom\n alicloud_cs_kubernetes_cluster\nwhere\n state = 'running';","startLine":40,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n cluster_id,\n state,\n size,\n cluster_type\nfrom\n alicloud_cs_kubernetes_cluster\nwhere\n state = 'running';","startLine":53,"endLine":64}],"isExampleQuery":true},"example_list_managed_kubernetes_clusters":{"org":"turbot","tables":["alicloud.alicloud_cs_kubernetes_cluster"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cs_kubernetes_cluster.md","folder":"CS","title":"List managed Kubernetes clusters","titleLine":66,"name":"example_list_managed_kubernetes_clusters","id":"example_list_managed_kubernetes_clusters","description":"Discover the segments that are utilizing Managed Kubernetes clusters. This is useful for assessing the distribution of cluster types and identifying areas for potential optimization or consolidation.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n name,\n cluster_id,\n state,\n size,\n cluster_type\nfrom\n alicloud_cs_kubernetes_cluster\nwhere\n cluster_type = 'ManagedKubernetes';","startLine":69,"endLine":80},{"lang":"sql+sqlite","code":"select\n name,\n cluster_id,\n state,\n size,\n cluster_type\nfrom\n alicloud_cs_kubernetes_cluster\nwhere\n cluster_type = 'ManagedKubernetes';","startLine":82,"endLine":93}],"isExampleQuery":true},"example_list_worker_nodes":{"org":"turbot","tables":["alicloud.alicloud_cs_kubernetes_cluster_node"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cs_kubernetes_cluster_node.md","folder":"CS","title":"List worker nodes","titleLine":37,"name":"example_list_worker_nodes","id":"example_list_worker_nodes","description":"Identify instances where the role of a node in a Kubernetes cluster is 'Worker'. This allows you to quickly determine which nodes are performing worker tasks within your cluster.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n node_name,\n instance_id,\n instance_name,\n instance_role\nfrom\n alicloud_cs_kubernetes_cluster_node\nwhere\n instance_role = 'Worker';","startLine":40,"endLine":50},{"lang":"sql+sqlite","code":"select\n node_name,\n instance_id,\n instance_name,\n instance_role\nfrom\n alicloud_cs_kubernetes_cluster_node\nwhere\n instance_role = 'Worker';","startLine":52,"endLine":62}],"isExampleQuery":true},"example_count_the_number_of_nodes_per_instance":{"org":"turbot","tables":["alicloud.alicloud_cs_kubernetes_cluster_node"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_cs_kubernetes_cluster_node.md","folder":"CS","title":"Count the number of nodes per instance","titleLine":64,"name":"example_count_the_number_of_nodes_per_instance","id":"example_count_the_number_of_nodes_per_instance","description":"Determine the distribution of nodes across different instances in your Kubernetes cluster. This can help identify any uneven distribution and manage workload balancing effectively.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n count(*) as node_count\nfrom\n alicloud_cs_kubernetes_cluster_node\ngroup by\n instance_id;","startLine":67,"endLine":75},{"lang":"sql+sqlite","code":"select\n instance_id,\n count(*) as node_count\nfrom\n alicloud_cs_kubernetes_cluster_node\ngroup by\n instance_id;","startLine":77,"endLine":85}],"isExampleQuery":true}},"ecs":{"example_get_instance_details_for_a_specific_group":{"org":"turbot","tables":["alicloud.alicloud_ecs_auto_provisioning_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_auto_provisioning_group.md","folder":"ECS","title":"Get instance details for a specific group","titleLine":35,"name":"example_get_instance_details_for_a_specific_group","id":"example_get_instance_details_for_a_specific_group","description":"Explore the specific details of instances within a certain group. This query is beneficial for understanding the settings and statuses of these instances, allowing for more informed management and troubleshooting decisions.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n apg.name as auto_provisioning_group_name,\n apg.launch_template_id as launch_template_id,\n apg.launch_template_version as launch_template_version,\n i.instance_type,\n i.os_name_en,\n i.private_ip_address,\n i.public_ip_address,\n ins_detail ->> 'InstanceId' as instance_id,\n ins_detail ->> 'InstanceType' as instance_type,\n ins_detail ->> 'Status' as instance_status,\n ins_detail ->> 'NetworkType' as instance_network_type\nfrom\n alicloud_ecs_auto_provisioning_group as apg,\n jsonb_array_elements(apg.instances) as ins_detail,\n alicloud_ecs_instance as i\nwhere\n ins_detail ->> 'InstanceId' = i.instance_id\n and apg.name = 'my_group';","startLine":38,"endLine":58},{"lang":"sql+sqlite","code":"select\n apg.name as auto_provisioning_group_name,\n apg.launch_template_id as launch_template_id,\n apg.launch_template_version as launch_template_version,\n i.instance_type,\n i.os_name_en,\n i.private_ip_address,\n i.public_ip_address,\n json_extract(ins_detail.value, '$.InstanceId') as instance_id,\n json_extract(ins_detail.value, '$.InstanceType') as instance_type,\n json_extract(ins_detail.value, '$.Status') as instance_status,\n json_extract(ins_detail.value, '$.NetworkType') as instance_network_type\nfrom\n alicloud_ecs_auto_provisioning_group as apg,\n json_each(apg.instances) as ins_detail,\n alicloud_ecs_instance as i\nwhere\n json_extract(ins_detail.value, '$.InstanceId') = i.instance_id\n and apg.name = 'my_group';","startLine":60,"endLine":80}],"isExampleQuery":true},"example_list_inactive_groups":{"org":"turbot","tables":["alicloud.alicloud_ecs_auto_provisioning_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_auto_provisioning_group.md","folder":"ECS","title":"List inactive groups","titleLine":82,"name":"example_list_inactive_groups","id":"example_list_inactive_groups","description":"Discover the segments that are not currently active within your auto provisioning groups. This could be useful for auditing resources, managing costs, or identifying potential issues in your infrastructure.","descriptionStartLine":83,"queries":[{"lang":"sql+postgres","code":"select\n name,\n auto_provisioning_group_id,\n status\nfrom\n alicloud_ecs_auto_provisioning_group\nwhere\n status <> 'active';","startLine":85,"endLine":94},{"lang":"sql+sqlite","code":"select\n name,\n auto_provisioning_group_id,\n status\nfrom\n alicloud_ecs_auto_provisioning_group\nwhere\n status != 'active';","startLine":96,"endLine":105}],"isExampleQuery":true},"example_basic_auto_scaling_group_info":{"org":"turbot","tables":["alicloud.alicloud_ecs_autoscaling_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_autoscaling_group.md","folder":"ECS","title":"Basic auto scaling group info","titleLine":12,"name":"example_basic_auto_scaling_group_info","id":"example_basic_auto_scaling_group_info","description":"This example helps to understand the configuration and capacity details of an auto scaling group in Alibaba Cloud. It can be used to monitor and manage the scaling of resources, ensuring optimal performance and cost-effectiveness.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n load_balancer_ids,\n default_cooldown,\n active_capacity,\n desired_capacity,\n min_size,\n max_size\nfrom\n alicloud_ecs_autoscaling_group;","startLine":15,"endLine":26},{"lang":"sql+sqlite","code":"select\n name,\n load_balancer_ids,\n default_cooldown,\n active_capacity,\n desired_capacity,\n min_size,\n max_size\nfrom\n alicloud_ecs_autoscaling_group;","startLine":28,"endLine":39}],"isExampleQuery":true},"example_autoscaling_group_instance_details":{"org":"turbot","tables":["alicloud.alicloud_ecs_autoscaling_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_autoscaling_group.md","folder":"ECS","title":"Autoscaling group instance details","titleLine":41,"name":"example_autoscaling_group_instance_details","id":"example_autoscaling_group_instance_details","description":"Explore the specific details of instances within a particular autoscaling group. This can help in managing and optimizing resources by analyzing the health status, instance type, and other relevant details of each instance.","descriptionStartLine":42,"queries":[{"lang":"sql+postgres","code":"select\n asg.name as autoscaling_group_name,\n i.instance_type,\n i.os_name_en,\n i.private_ip_address,\n i.public_ip_address,\n ins_detail ->> 'InstanceId' as instance_id,\n ins_detail ->> 'CreationType' as instance_creation_type,\n ins_detail ->> 'HealthStatus' as health_status,\n ins_detail ->> 'ScalingConfigurationId' as scaling_configuration_id,\n ins_detail ->> 'ScalingGroupId' as scaling_group_id,\n ins_detail -> 'LaunchTemplateId' as launch_template_id,\n ins_detail -> 'LaunchTemplateVersion' as launch_template_version\nfrom\n alicloud_ecs_autoscaling_group as asg,\n jsonb_array_elements(asg.scaling_instances) as ins_detail,\n alicloud_ecs_instance as i\nwhere\n ins_detail ->> 'InstanceId' = i.instance_id\n and asg.name = 'js_as_1';","startLine":44,"endLine":65},{"lang":"sql+sqlite","code":"select\n asg.name as autoscaling_group_name,\n i.instance_type,\n i.os_name_en,\n i.private_ip_address,\n i.public_ip_address,\n json_extract(ins_detail.value, '$.InstanceId') as instance_id,\n json_extract(ins_detail.value, '$.CreationType') as instance_creation_type,\n json_extract(ins_detail.value, '$.HealthStatus') as health_status,\n json_extract(ins_detail.value, '$.ScalingConfigurationId') as scaling_configuration_id,\n json_extract(ins_detail.value, '$.ScalingGroupId') as scaling_group_id,\n json_extract(ins_detail.value, '$.LaunchTemplateId') as launch_template_id,\n json_extract(ins_detail.value, '$.LaunchTemplateVersion') as launch_template_version\nfrom\n alicloud_ecs_autoscaling_group as asg,\n json_each(asg.scaling_instances) as ins_detail,\n alicloud_ecs_instance as i\nwhere\n json_extract(ins_detail.value, '$.InstanceId') = i.instance_id\n and asg.name = 'js_as_1';","startLine":67,"endLine":88}],"isExampleQuery":true},"example_list_of_autoscaling_group_for_which_deletion_protection_is_not_enabled":{"org":"turbot","tables":["alicloud.alicloud_ecs_autoscaling_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_autoscaling_group.md","folder":"ECS","title":"List of Autoscaling Group for which deletion protection is not enabled","titleLine":90,"name":"example_list_of_autoscaling_group_for_which_deletion_protection_is_not_enabled","id":"example_list_of_autoscaling_group_for_which_deletion_protection_is_not_enabled","description":"Explore which autoscaling groups in your Alicloud ECS setup lack deletion protection. This is beneficial to identify potential risk areas and take necessary measures to prevent accidental deletions.","descriptionStartLine":91,"queries":[{"lang":"sql+postgres","code":"select\n name,\n scaling_group_id,\n group_deletion_protection\nfrom\n alicloud_ecs_autoscaling_group\nwhere\n not group_deletion_protection;","startLine":93,"endLine":102},{"lang":"sql+sqlite","code":"select\n name,\n scaling_group_id,\n group_deletion_protection\nfrom\n alicloud_ecs_autoscaling_group\nwhere\n group_deletion_protection = 0;","startLine":104,"endLine":113}],"isExampleQuery":true},"example_unencrypted_disks":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"Unencrypted Disks","titleLine":43,"name":"example_unencrypted_disks","id":"example_unencrypted_disks","description":"Determine the areas in which there are unencrypted disks in your Alicloud ECS instances. This can help in identifying potential security risks and ensuring that all data storage devices comply with encryption standards.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n encrypted,\n zone,\n status,\n size,\n instance_id,\n kms_key_id\nfrom\n alicloud_ecs_disk\nwhere\n not encrypted;","startLine":45,"endLine":59},{"lang":"sql+sqlite","code":"select\n name,\n disk_id,\n encrypted,\n zone,\n status,\n size,\n instance_id,\n kms_key_id\nfrom\n alicloud_ecs_disk\nwhere\n encrypted = 0;","startLine":61,"endLine":75}],"isExampleQuery":true},"example_list_of_disks_encrypted_with_default_service_cmk":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List of disks Encrypted with Default Service CMK","titleLine":77,"name":"example_list_of_disks_encrypted_with_default_service_cmk","id":"example_list_of_disks_encrypted_with_default_service_cmk","description":"","descriptionStartLine":null,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n encrypted,\n zone,\n status,\n size,\n instance_id,\n kms_key_id\nfrom\n alicloud_ecs_disk\nwhere\n encrypted\n and kms_key_id = '';","startLine":79,"endLine":94}],"isExampleQuery":true},"example_list_auto_snapshot_policy_details_applied_to_disk":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List Auto Snapshot Policy details applied to disk","titleLine":98,"name":"example_list_auto_snapshot_policy_details_applied_to_disk","id":"example_list_auto_snapshot_policy_details_applied_to_disk","description":"This query is used to explore the details of auto snapshot policies applied to encrypted disks in the Alibaba Cloud ECS service. It helps in managing and understanding the security aspects of disk storage by identifying those without a specified Key Management Service (KMS) key ID.","descriptionStartLine":99,"queries":[{"lang":null,"code":"\n\n```sql+sqlite\n```sql\nselect\n name,\n disk_id,\n encrypted,\n zone,\n status,\n size,\n instance_id,\n kms_key_id\n from\n alicloud_ecs_disk\nwhere\n encrypted = 1\n and kms_key_id = '';","startLine":100,"endLine":119},{"lang":"sql","code":"select\n name,\n auto_snapshot_policy_id,\n auto_snapshot_policy_name,\n auto_snapshot_policy_creation_time,\n auto_snapshot_policy_enable_cross_region_copy,\n auto_snapshot_policy_repeat_week_days,\n auto_snapshot_policy_retention_days,\n auto_snapshot_policy_status,\n auto_snapshot_policy_time_points,\n auto_snapshot_policy_tags\nfrom\n alicloud_ecs_disk;","startLine":120,"endLine":134}],"isExampleQuery":true},"example_list_of_disks_without_owner_tag_key":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List of disks without owner tag key","titleLine":136,"name":"example_list_of_disks_without_owner_tag_key","id":"example_list_of_disks_without_owner_tag_key","description":"Discover the segments that lack an assigned 'owner' in the disk resource data, allowing for prompt identification and rectification of unassigned resources.","descriptionStartLine":137,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n tags\nfrom\n alicloud_ecs_disk\nwhere\n tags ->> 'owner' is null;","startLine":139,"endLine":148},{"lang":"sql+sqlite","code":"select\n name,\n disk_id,\n tags\nfrom\n alicloud_ecs_disk\nwhere\n json_extract(tags, '$.owner') is null;","startLine":150,"endLine":159}],"isExampleQuery":true},"example_list_disks_attached_to_a_specific_instance":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List disks attached to a specific instance","titleLine":161,"name":"example_list_disks_attached_to_a_specific_instance","id":"example_list_disks_attached_to_a_specific_instance","description":"Determine the specifics of disks attached to a particular instance, such as their size, type, billing method, and encryption status. This can be useful to assess storage usage, cost implications, and security measures.","descriptionStartLine":162,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n size,\n type,\n billing_method,\n zone,\n region,\n encrypted\nfrom\n alicloud_ecs_disk\nwhere\n instance_id = 'i-0xickpvpsaih9w7s4zrq';","startLine":163,"endLine":177},{"lang":"sql+sqlite","code":"select\n name,\n disk_id,\n size,\n type,\n billing_method,\n zone,\n region,\n encrypted\nfrom\n alicloud_ecs_disk\nwhere\n instance_id = 'i-0xickpvpsaih9w7s4zrq';","startLine":179,"endLine":193}],"isExampleQuery":true},"example_list_of_disks_not_attached_to_any_instances":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List of disks not attached to any instances","titleLine":196,"name":"example_list_of_disks_not_attached_to_any_instances","id":"example_list_of_disks_not_attached_to_any_instances","description":"Identify the disks that are currently not in use within your system. This can help manage resources more effectively by highlighting potential areas for storage optimization.","descriptionStartLine":197,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n status,\n attached_time,\n detached_time\nfrom\n alicloud_ecs_disk\nwhere\n status = 'Available';","startLine":199,"endLine":210},{"lang":"sql+sqlite","code":"select\n name,\n disk_id,\n status,\n attached_time,\n detached_time\nfrom\n alicloud_ecs_disk\nwhere\n status = 'Available';","startLine":212,"endLine":223}],"isExampleQuery":true},"example_disk_count_in_each_availability_zone":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"Disk count in each availability zone","titleLine":225,"name":"example_disk_count_in_each_availability_zone","id":"example_disk_count_in_each_availability_zone","description":"Uncover the details of disk distribution across different availability zones to optimize resource allocation and balance load. This can be beneficial for improving system performance and resilience.","descriptionStartLine":226,"queries":[{"lang":"sql+postgres","code":"select\n zone,\n count(*)\nfrom\n alicloud_ecs_disk\ngroup by\n zone\norder by\n count desc;","startLine":228,"endLine":238},{"lang":"sql+sqlite","code":"select\n zone,\n count(*)\nfrom\n alicloud_ecs_disk\ngroup by\n zone\norder by\n count(*) desc;","startLine":240,"endLine":250}],"isExampleQuery":true},"example_top_10_largest_disks":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"Top 10 largest Disks","titleLine":253,"name":"example_top_10_largest_disks","id":"example_top_10_largest_disks","description":"Analyze your cloud storage to pinpoint the specific locations where the ten largest disks are in use. This is particularly useful for managing storage resources and planning for capacity upgrades.","descriptionStartLine":254,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_id,\n size,\n status,\n instance_id\nfrom\n alicloud_ecs_disk\norder by\n size desc\nlimit 10;","startLine":255,"endLine":267},{"lang":"sql+sqlite","code":"select\n name,\n disk_id,\n size,\n status,\n instance_id\nfrom\n alicloud_ecs_disk\norder by\n size desc\nlimit 10;","startLine":269,"endLine":281}],"isExampleQuery":true},"example_list_of_disks_having_no_attached_running_instances":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk.md","folder":"ECS","title":"List of disks having no attached running instances","titleLine":283,"name":"example_list_of_disks_having_no_attached_running_instances","id":"example_list_of_disks_having_no_attached_running_instances","description":"Determine the areas in which disks are not being utilized by identifying instances where disks are not attached to any running instances. This query is useful in pinpointing potential resources that may be underutilized or misallocated, helping optimize resource allocation and potentially reducing costs.","descriptionStartLine":284,"queries":[{"lang":"sql+postgres","code":"select\n i.instance_id as \"Instance ID\",\n i.name as \"Name\",\n i.arn as \"Instance ARN\",\n i.status as \"Instance State\",\n attachment ->> 'AttachedTime' as \"Attachment Time\"\nfrom\n alicloud_ecs_disk as v,\n jsonb_array_elements(attachments) as attachment,\n alicloud_ecs_instance as i\nwhere\n i.instance_id = attachment ->> 'InstanceId'\n and i.status <> 'Running'\norder by\n i.instance_id;","startLine":286,"endLine":302},{"lang":"sql+sqlite","code":"select\n i.instance_id as \"Instance ID\",\n i.name as \"Name\",\n i.arn as \"Instance ARN\",\n i.status as \"Instance State\",\n json_extract(attachment.value, '$.AttachedTime') as \"Attachment Time\"\nfrom\n alicloud_ecs_disk as v,\n json_each(attachments) as attachment,\n alicloud_ecs_instance as i\nwhere\n i.instance_id = json_extract(attachment.value, '$.InstanceId')\n and i.status <> 'Running'\norder by\n i.instance_id;","startLine":304,"endLine":320}],"isExampleQuery":true},"example_intervals_where_operation_exceed_1000_average_read_iops":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk_metric_read_iops_daily"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk_metric_read_iops_daily.md","folder":"ECS","title":"Intervals where operation exceed 1000 average read iops","titleLine":45,"name":"example_intervals_where_operation_exceed_1000_average_read_iops","id":"example_intervals_where_operation_exceed_1000_average_read_iops","description":"Explore instances where the daily average read operations per second (IOPS) on an Alibaba Cloud Elastic Compute Service (ECS) disk exceed 1000. This can be useful in identifying periods of high disk usage, which could impact system performance.","descriptionStartLine":46,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n timestamp,\n round(minimum::numeric,2) as min_ops,\n round(maximum::numeric,2) as max_ops,\n round(average::numeric,2) as avg_ops\nfrom\n alicloud_ecs_disk_metric_read_iops_daily\nwhere average > 1000\norder by\n instance_id,\n timestamp;","startLine":48,"endLine":61},{"lang":"sql+sqlite","code":"select\n instance_id,\n timestamp,\n round(minimum,2) as min_ops,\n round(maximum,2) as max_ops,\n round(average,2) as avg_ops\nfrom\n alicloud_ecs_disk_metric_read_iops_daily\nwhere average > 1000\norder by\n instance_id,\n timestamp;","startLine":63,"endLine":76}],"isExampleQuery":true},"example_intervals_where_operation_exceed_1000_average_write_iops":{"org":"turbot","tables":["alicloud.alicloud_ecs_disk_metric_write_iops_hourly"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_disk_metric_write_iops_hourly.md","folder":"ECS","title":"Intervals where operation exceed 1000 average write iops","titleLine":43,"name":"example_intervals_where_operation_exceed_1000_average_write_iops","id":"example_intervals_where_operation_exceed_1000_average_write_iops","description":"Determine the instances where the average write operations per second exceeded 1000 in a given hour. This can help in identifying potential performance issues or heavy workloads on your ECS disks.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n timestamp,\n round(minimum::numeric,2) as min_ops,\n round(maximum::numeric,2) as max_ops,\n round(average::numeric,2) as avg_ops\nfrom\n alicloud_ecs_disk_metric_write_iops_hourly\nwhere average > 1000\norder by\n instance_id,\n timestamp;","startLine":46,"endLine":59},{"lang":"sql+sqlite","code":"select\n instance_id,\n timestamp,\n round(minimum,2) as min_ops,\n round(maximum,2) as max_ops,\n round(average,2) as avg_ops\nfrom\n alicloud_ecs_disk_metric_write_iops_hourly\nwhere average > 1000\norder by\n instance_id,\n timestamp;","startLine":61,"endLine":74}],"isExampleQuery":true},"example_list_of_public_images":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of public images","titleLine":39,"name":"example_list_of_public_images","id":"example_list_of_public_images","description":"Discover the segments that are using system-owned images in your environment. This is useful for understanding what resources are publicly available and potentially vulnerable.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id,\n image_owner_alias\nfrom\n alicloud_ecs_image\nwhere\n image_owner_alias = 'system';","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n image_id,\n image_owner_alias\nfrom\n alicloud_ecs_image\nwhere\n image_owner_alias = 'system';","startLine":53,"endLine":62}],"isExampleQuery":true},"example_list_of_custom_user_defined_images_defined_in_this_account":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of custom (user-defined) images defined in this account","titleLine":64,"name":"example_list_of_custom_user_defined_images_defined_in_this_account","id":"example_list_of_custom_user_defined_images_defined_in_this_account","description":"Explore the custom images created within your account to gain insights into their details such as size, status, architecture, and operating system. This can be beneficial in managing resources and ensuring optimal usage.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id,\n image_owner_alias,\n is_self_shared,\n size,\n status,\n architecture,\n os_name_en\nfrom\n alicloud_ecs_image\nwhere\n image_owner_alias = 'self';","startLine":67,"endLine":81},{"lang":"sql+sqlite","code":"select\n name,\n image_id,\n image_owner_alias,\n is_self_shared,\n size,\n status,\n architecture,\n os_name_en\nfrom\n alicloud_ecs_image\nwhere\n image_owner_alias = 'self';","startLine":83,"endLine":97}],"isExampleQuery":true},"example_list_of_user_defined_images_which_do_not_have_owner_tag_key":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of user-defined images which do not have owner tag key","titleLine":99,"name":"example_list_of_user_defined_images_which_do_not_have_owner_tag_key","id":"example_list_of_user_defined_images_which_do_not_have_owner_tag_key","description":"Discover the user-defined images that lack an owner tag key. This can be useful in managing and organizing your images, ensuring that each has an owner associated with it for accountability and easy tracking.","descriptionStartLine":100,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id,\n tags\nfrom\n alicloud_ecs_image\nwhere\n tags -> 'owner' is null\n and image_owner_alias = 'self';","startLine":102,"endLine":112},{"lang":"sql+sqlite","code":"select\n name,\n image_id,\n tags\nfrom\n alicloud_ecs_image\nwhere\n json_extract(tags, '$.owner') is null\n and image_owner_alias = 'self';","startLine":114,"endLine":124}],"isExampleQuery":true},"example_list_of_available_images_older_than_90_days":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of available images older than 90 days","titleLine":126,"name":"example_list_of_available_images_older_than_90_days","id":"example_list_of_available_images_older_than_90_days","description":"Discover the segments that contain images available for over 90 days. This query is beneficial in managing resources by identifying older, potentially unused images that may be taking up unnecessary storage space.","descriptionStartLine":127,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id,\n creation_time,\n age(creation_time),\n status\nfrom\n alicloud_ecs_image\nwhere\n creation_time <= (current_date - interval '90' day)\n and status = 'Available'\norder by\n creation_time;","startLine":129,"endLine":143},{"lang":"sql+sqlite","code":"select\n name,\n image_id,\n creation_time,\n julianday('now') - julianday(creation_time) as age,\n status\nfrom\n alicloud_ecs_image\nwhere\n julianday(creation_time) <= julianday(date('now','-90 day'))\n and status = 'Available'\norder by\n creation_time;","startLine":145,"endLine":159}],"isExampleQuery":true},"example_list_of_unused_images":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of unused images","titleLine":161,"name":"example_list_of_unused_images","id":"example_list_of_unused_images","description":"Discover the segments that contain unused images in your Alicloud ECS, allowing you to manage your resources more efficiently by identifying and removing unnecessary data.","descriptionStartLine":162,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id\nfrom\n alicloud_ecs_image\nwhere\n usage = 'none';","startLine":164,"endLine":172},{"lang":"sql+sqlite","code":"select\n name,\n image_id\nfrom\n alicloud_ecs_image\nwhere\n usage = 'none';","startLine":174,"endLine":182}],"isExampleQuery":true},"example_list_of_instances_created_from_an_image_older_than_90_days_old":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"List of instances created from an image older than 90 days old","titleLine":184,"name":"example_list_of_instances_created_from_an_image_older_than_90_days_old","id":"example_list_of_instances_created_from_an_image_older_than_90_days_old","description":"Identify instances that were created from an image that's over 90 days old. This can be useful for maintaining up-to-date system images and ensuring that instances are not running on outdated software.","descriptionStartLine":185,"queries":[{"lang":"sql+postgres","code":"select\n instance.name as instance_name,\n instance.instance_id as instance_id,\n image.name as image_name,\n instance.status as instance_status,\n age(image.creation_time) as image_age,\n age(instance.creation_time) as instance_age\nfrom\n alicloud_ecs_image as image,\n alicloud_ecs_instance as instance\nwhere\n instance.image_id = image.image_id\n and image.creation_time <= (current_date - interval '90' day)","startLine":187,"endLine":201},{"lang":"sql+sqlite","code":"select\n instance.name as instance_name,\n instance.instance_id as instance_id,\n image.name as image_name,\n instance.status as instance_status,\n julianday('now') - julianday(image.creation_time) as image_age,\n julianday('now') - julianday(instance.creation_time) as instance_age\nfrom\n alicloud_ecs_image as image,\n alicloud_ecs_instance as instance\nwhere\n instance.image_id = image.image_id\n and date(image.creation_time) <= date(julianday('now','-90 day'))","startLine":203,"endLine":217}],"isExampleQuery":true},"example_get_details_of_a_particular_image":{"org":"turbot","tables":["alicloud.alicloud_ecs_image"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_image.md","folder":"ECS","title":"Get details of a particular image","titleLine":219,"name":"example_get_details_of_a_particular_image","id":"example_get_details_of_a_particular_image","description":"Determine the specifics of a particular image, such as its size and status, within a specified region. This is useful for assessing the usage and availability of an image in a specific geographical location.","descriptionStartLine":220,"queries":[{"lang":"sql+postgres","code":"select\n name,\n image_id,\n arn,\n size,\n status,\n usage\nfrom\n alicloud_ecs_image\nwhere\n image_id = 'centos_7_9_x64_20G_alibase_20221129.vhd'\n and region = 'us-east-1';","startLine":222,"endLine":235},{"lang":"sql+sqlite","code":"select\n name,\n image_id,\n arn,\n size,\n status,\n usage\nfrom\n alicloud_ecs_image\nwhere\n image_id = 'centos_7_9_x64_20G_alibase_20221129.vhd'\n and region = 'us-east-1';","startLine":237,"endLine":250}],"isExampleQuery":true},"example_basic_instance_info":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"Basic Instance Info","titleLine":12,"name":"example_basic_instance_info","id":"example_basic_instance_info","description":"Assess the elements within your Alibaba Cloud ECS instances to gain insights into their operational status, type, and network details. This can help in managing resources, ensuring optimal performance, and identifying potential issues.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n name,\n arn,\n status,\n instance_type,\n os_name_en,\n public_ip_address,\n private_ip_address,\n zone\nfrom\n alicloud_ecs_instance;","startLine":14,"endLine":27},{"lang":"sql+sqlite","code":"select\n instance_id,\n name,\n arn,\n status,\n instance_type,\n os_name_en,\n public_ip_address,\n private_ip_address,\n zone\nfrom\n alicloud_ecs_instance;","startLine":29,"endLine":42}],"isExampleQuery":true},"example_list_stopped_instances_that_you_are_still_being_charged_for":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"List stopped instances that you are still being charged for","titleLine":45,"name":"example_list_stopped_instances_that_you_are_still_being_charged_for","id":"example_list_stopped_instances_that_you_are_still_being_charged_for","description":"This query is useful for identifying instances that are in a stopped state but still incurring charges. It helps in managing costs by pinpointing areas where resources are not being optimally used.","descriptionStartLine":46,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n name,\n status,\n stopped_mode,\n instance_type,\n os_name_en,\n public_ip_address,\n private_ip_address,\n zone\nfrom\n alicloud_ecs_instance\nwhere\n stopped_mode = 'KeepCharging';","startLine":47,"endLine":62},{"lang":"sql+sqlite","code":"select\n instance_id,\n name,\n status,\n stopped_mode,\n instance_type,\n os_name_en,\n public_ip_address,\n private_ip_address,\n zone\nfrom\n alicloud_ecs_instance\nwhere\n stopped_mode = 'KeepCharging';","startLine":64,"endLine":79}],"isExampleQuery":true},"example_list_linux_instances":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"List linux instances","titleLine":82,"name":"example_list_linux_instances","id":"example_list_linux_instances","description":"Identify instances where the operating system is Linux. This is useful for managing resources or troubleshooting specific issues related to Linux-based instances.","descriptionStartLine":83,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n name,\n instance_type,\n os_name_en,\n zone\nfrom\n alicloud_ecs_instance\nwhere\n os_type = 'linux';","startLine":84,"endLine":95},{"lang":"sql+sqlite","code":"select\n instance_id,\n name,\n instance_type,\n os_name_en,\n zone\nfrom\n alicloud_ecs_instance\nwhere\n os_type = 'linux';","startLine":97,"endLine":108}],"isExampleQuery":true},"example_instance_count_in_each_zone":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"Instance count in each zone","titleLine":111,"name":"example_instance_count_in_each_zone","id":"example_instance_count_in_each_zone","description":"Determine the distribution of instances across various zones to balance and optimize resource allocation. This aids in planning infrastructure decisions and mitigating risk by avoiding over-reliance on a single zone.","descriptionStartLine":112,"queries":[{"lang":"sql+postgres","code":"select\n zone as az,\n count(*)\nfrom\n alicloud_ecs_instance\ngroup by\n zone;","startLine":114,"endLine":122},{"lang":"sql+sqlite","code":"select\n zone as az,\n count(*)\nfrom\n alicloud_ecs_instance\ngroup by\n zone;","startLine":124,"endLine":132}],"isExampleQuery":true},"example_count_the_number_of_instances_by_instance_type":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"Count the number of instances by instance type","titleLine":134,"name":"example_count_the_number_of_instances_by_instance_type","id":"example_count_the_number_of_instances_by_instance_type","description":"Assess the distribution of different instance types within your Alicloud Elastic Compute Service to better understand your resource usage. This can aid in optimizing your allocation strategy and managing costs more effectively.","descriptionStartLine":135,"queries":[{"lang":"sql+postgres","code":"select\n instance_type,\n count(instance_type) as count\nfrom\n alicloud_ecs_instance\ngroup by\n instance_type;","startLine":137,"endLine":145},{"lang":"sql+sqlite","code":"select\n instance_type,\n count(instance_type) as count\nfrom\n alicloud_ecs_instance\ngroup by\n instance_type;","startLine":147,"endLine":155}],"isExampleQuery":true},"example_list_of_instances_without_application_tag_key":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"List of instances without application tag key","titleLine":157,"name":"example_list_of_instances_without_application_tag_key","id":"example_list_of_instances_without_application_tag_key","description":"Identify instances where the 'application' tag key is missing, which could indicate a lack of necessary metadata for proper resource management and classification. This can be crucial for maintaining organized and efficient infrastructure in a cloud environment.","descriptionStartLine":158,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n tags\nfrom\n alicloud_ecs_instance\nwhere\n tags ->> 'application' is null;","startLine":160,"endLine":168},{"lang":"sql+sqlite","code":"select\n instance_id,\n tags\nfrom\n alicloud_ecs_instance\nwhere\n json_extract(tags, '$.application') is null;","startLine":170,"endLine":178}],"isExampleQuery":true},"example_list_of_ecs_instances_provisioned_with_undesired_for_example_ecs_t5_lc2m1_nano_and_ecs_t6_c2m1_large_is_desired_instance_type_s_":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"List of ECS instances provisioned with undesired(for example ecs.t5-lc2m1.nano and ecs.t6-c2m1.large is desired) instance type(s)","titleLine":180,"name":"example_list_of_ecs_instances_provisioned_with_undesired_for_example_ecs_t5_lc2m1_nano_and_ecs_t6_c2m1_large_is_desired_instance_type_s_","id":"example_list_of_ecs_instances_provisioned_with_undesired_for_example_ecs_t5_lc2m1_nano_and_ecs_t6_c2m1_large_is_desired_instance_type_s_","description":"Identify instances where ECS instances are provisioned with undesired types, helping to manage resources and maintain preferred configurations.","descriptionStartLine":181,"queries":[{"lang":"sql+postgres","code":"select\n instance_type,\n count(*) as count\nfrom\n alicloud_ecs_instance\nwhere\n instance_type not in ('ecs.t5-lc2m1.nano', 'ecs.t6-c2m1.large')\ngroup by\n instance_type;","startLine":183,"endLine":193},{"lang":"sql+sqlite","code":"select\n instance_type,\n count(*) as count\nfrom\n alicloud_ecs_instance\nwhere\n instance_type not in ('ecs.t5-lc2m1.nano', 'ecs.t6-c2m1.large')\ngroup by\n instance_type;","startLine":195,"endLine":205}],"isExampleQuery":true},"example_list_ecs_instances_having_deletion_protection_safety_feature_disabled":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance.md","folder":"ECS","title":"List ECS instances having deletion protection safety feature disabled","titleLine":207,"name":"example_list_ecs_instances_having_deletion_protection_safety_feature_disabled","id":"example_list_ecs_instances_having_deletion_protection_safety_feature_disabled","description":"Determine the areas in which Elastic Compute Service (ECS) instances might be at risk due to disabled deletion protection. This query is useful to identify potential vulnerabilities and ensure data safety.","descriptionStartLine":208,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n deletion_protection\nfrom\n alicloud_ecs_instance\nwhere\n not deletion_protection;","startLine":210,"endLine":218},{"lang":"sql+sqlite","code":"select\n instance_id,\n deletion_protection\nfrom\n alicloud_ecs_instance\nwhere\n deletion_protection = 0;","startLine":220,"endLine":228}],"isExampleQuery":true},"example_cpu_over_80_average":{"org":"turbot","tables":["alicloud.alicloud_ecs_instance_metric_cpu_utilization_hourly"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_instance_metric_cpu_utilization_hourly.md","folder":"ECS","title":"CPU Over 80% average","titleLine":43,"name":"example_cpu_over_80_average","id":"example_cpu_over_80_average","description":"Determine the areas in which the average CPU utilization exceeds 80% for hourly intervals. This query is useful for identifying potential performance issues or bottlenecks in your system.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n instance_id,\n timestamp,\n round(minimum::numeric,2) as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2) as avg_cpu\nfrom\n alicloud_ecs_instance_metric_cpu_utilization_hourly\nwhere average > 80\norder by\n instance_id,\n timestamp;","startLine":46,"endLine":59},{"lang":"sql+sqlite","code":"select\n instance_id,\n timestamp,\n round(minimum,2) as min_cpu,\n round(maximum,2) as max_cpu,\n round(average,2) as avg_cpu\nfrom\n alicloud_ecs_instance_metric_cpu_utilization_hourly\nwhere average > 80\norder by\n instance_id,\n timestamp;","startLine":61,"endLine":74}],"isExampleQuery":true},"example_list_key_pairs_older_than_30_days":{"org":"turbot","tables":["alicloud.alicloud_ecs_key_pair"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_key_pair.md","folder":"ECS","title":"List key pairs older than 30 days","titleLine":35,"name":"example_list_key_pairs_older_than_30_days","id":"example_list_key_pairs_older_than_30_days","description":"Discover key pairs that have been in existence for over 30 days. This is useful for maintaining security and access control by regularly updating or changing key pairs.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n name,\n key_pair_finger_print,\n creation_time,\n age(creation_time)\nfrom\n alicloud_ecs_key_pair\nwhere\n creation_time <= (current_date - interval '30' day)\norder by\n creation_time;","startLine":38,"endLine":50},{"lang":"sql+sqlite","code":"select\n name,\n key_pair_finger_print,\n creation_time,\n julianday('now') - julianday(creation_time) as age\nfrom\n alicloud_ecs_key_pair\nwhere\n julianday(creation_time) <= julianday(date('now','-30 day'))\norder by\n creation_time;","startLine":52,"endLine":64}],"isExampleQuery":true},"example_get_the_current_template_version_s_configuration":{"org":"turbot","tables":["alicloud.alicloud_ecs_launch_template"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_launch_template.md","folder":"ECS","title":"Get the current template version's configuration","titleLine":37,"name":"example_get_the_current_template_version_s_configuration","id":"example_get_the_current_template_version_s_configuration","description":"Explore the latest configurations of your virtual server templates, including details like instance type, charge type, image ID, and associated security groups. This can help in understanding your current setup and planning for any necessary changes or updates.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n name,\n latest_version_details -> 'LaunchTemplateData' ->> 'InstanceName' as instance_name,\n latest_version_details -> 'LaunchTemplateData' ->> 'InstanceType' as instance_type,\n latest_version_details -> 'LaunchTemplateData' ->> 'InternetChargeType' as instance_charge_type,\n latest_version_details -> 'LaunchTemplateData' ->> 'ImageId' as image_id,\n latest_version_details -> 'LaunchTemplateData' ->> 'VpcId' as vpc_id,\n latest_version_details -> 'LaunchTemplateData' ->> 'VSwitchId' as v_switch_id,\n latest_version_details -> 'LaunchTemplateData' ->> 'SecurityGroupId' as security_group_id\nfrom\n alicloud_ecs_launch_template;","startLine":40,"endLine":52},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(latest_version_details, '$.LaunchTemplateData.InstanceName') as instance_name,\n json_extract(latest_version_details, '$.LaunchTemplateData.InstanceType') as instance_type,\n json_extract(latest_version_details, '$.LaunchTemplateData.InternetChargeType') as instance_charge_type,\n json_extract(latest_version_details, '$.LaunchTemplateData.ImageId') as image_id,\n json_extract(latest_version_details, '$.LaunchTemplateData.VpcId') as vpc_id,\n json_extract(latest_version_details, '$.LaunchTemplateData.VSwitchId') as v_switch_id,\n json_extract(latest_version_details, '$.LaunchTemplateData.SecurityGroupId') as security_group_id\nfrom\n alicloud_ecs_launch_template;","startLine":54,"endLine":66}],"isExampleQuery":true},"example_list_templates_that_use_encrypted_storage_disk":{"org":"turbot","tables":["alicloud.alicloud_ecs_launch_template"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_launch_template.md","folder":"ECS","title":"List templates that use encrypted storage disk","titleLine":68,"name":"example_list_templates_that_use_encrypted_storage_disk","id":"example_list_templates_that_use_encrypted_storage_disk","description":"Determine the areas in which encrypted storage disks are utilized within templates, focusing on those that are configured to be deleted along with the instance. This is useful for understanding your security measures and potential data loss risks.","descriptionStartLine":69,"queries":[{"lang":"sql+postgres","code":"select\n name,\n disk_config ->> 'Encrypted' as disk_encryption,\n disk_config ->> 'DeleteWithInstance' as delete_with_instance\nfrom\n alicloud_ecs_launch_template,\n jsonb_array_elements(latest_version_details -> 'LaunchTemplateData' -> 'DataDisks' -> 'DataDisk') as disk_config\nwhere\n (disk_config ->> 'Encrypted')::boolean\n and (disk_config ->> 'DeleteWithInstance')::boolean;","startLine":71,"endLine":82},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(disk_config.value, '$.Encrypted') as disk_encryption,\n json_extract(disk_config.value, '$.DeleteWithInstance') as delete_with_instance\nfrom\n alicloud_ecs_launch_template,\n json_each(latest_version_details, '$.LaunchTemplateData.DataDisks.DataDisk') as disk_config\nwhere\n json_extract(disk_config.value, '$.Encrypted') = 'true'\n and json_extract(disk_config.value, '$.DeleteWithInstance') = 'true';","startLine":84,"endLine":95}],"isExampleQuery":true},"example_basic_eni_info":{"org":"turbot","tables":["alicloud.alicloud_ecs_network_interface"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_network_interface.md","folder":"ECS","title":"Basic ENI info","titleLine":12,"name":"example_basic_eni_info","id":"example_basic_eni_info","description":"Explore the status and details of network interfaces within your Alicloud Elastic Compute Service. This can be useful to manage network configurations and troubleshoot connectivity issues.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n network_interface_id,\n type,\n description,\n status,\n instance_id,\n private_ip_address,\n associated_public_ip_address,\n mac_address\nfrom\n alicloud_ecs_network_interface;","startLine":15,"endLine":27},{"lang":"sql+sqlite","code":"select\n network_interface_id,\n type,\n description,\n status,\n instance_id,\n private_ip_address,\n associated_public_ip_address,\n mac_address\nfrom\n alicloud_ecs_network_interface;","startLine":29,"endLine":41}],"isExampleQuery":true},"example_find_all_enis_with_private_ips_that_are_in_a_given_subnet_10_66_0_0_16_":{"org":"turbot","tables":["alicloud.alicloud_ecs_network_interface"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_network_interface.md","folder":"ECS","title":"Find all ENIs with private IPs that are in a given subnet (10.66.0.0/16)","titleLine":43,"name":"example_find_all_enis_with_private_ips_that_are_in_a_given_subnet_10_66_0_0_16_","id":"example_find_all_enis_with_private_ips_that_are_in_a_given_subnet_10_66_0_0_16_","description":"Explore which Elastic Network Interfaces (ENIs) with private IPs fall within a specific subnet. This is particularly useful in understanding network configurations and managing resources within a particular network range.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n network_interface_id,\n type,\n description,\n private_ip_address,\n associated_public_ip_address,\n mac_address\nfrom\n alicloud_ecs_network_interface\nwhere\n private_ip_address <<= '10.66.0.0/16';","startLine":46,"endLine":58},{"lang":"sql+sqlite","code":"Error: SQLite does not support CIDR operations.","startLine":60,"endLine":62}],"isExampleQuery":true},"example_count_of_enis_by_interface_type":{"org":"turbot","tables":["alicloud.alicloud_ecs_network_interface"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_network_interface.md","folder":"ECS","title":"Count of ENIs by interface type","titleLine":64,"name":"example_count_of_enis_by_interface_type","id":"example_count_of_enis_by_interface_type","description":"Analyze the variety of network interfaces in use to understand their distribution within your Alicloud Elastic Compute Service (ECS). This is useful for gauging network capacity and planning for potential upgrades or changes.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n type,\n count(type) as count\nfrom\n alicloud_ecs_network_interface\ngroup by\n type\norder by\n count desc;","startLine":67,"endLine":77},{"lang":"sql+sqlite","code":"select\n type,\n count(type) as count\nfrom\n alicloud_ecs_network_interface\ngroup by\n type\norder by\n count desc;","startLine":79,"endLine":89}],"isExampleQuery":true},"example_security_groups_attached_to_each_eni":{"org":"turbot","tables":["alicloud.alicloud_ecs_network_interface"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_network_interface.md","folder":"ECS","title":"Security groups attached to each ENI","titleLine":91,"name":"example_security_groups_attached_to_each_eni","id":"example_security_groups_attached_to_each_eni","description":"Determine the areas in which security groups are associated with each Elastic Network Interface (ENI). This allows you to understand your network's security layout and identify potential vulnerabilities or areas for improvement.","descriptionStartLine":92,"queries":[{"lang":"sql+postgres","code":"select\n network_interface_id as eni,\n sg\nfrom\n alicloud_ecs_network_interface\n cross join jsonb_array_elements(security_group_ids) as sg\norder by\n eni;","startLine":94,"endLine":103},{"lang":"sql+sqlite","code":"select\n network_interface_id as eni,\n sg.value as sg\nfrom\n alicloud_ecs_network_interface,\n json_each(security_group_ids) as sg\norder by\n eni;","startLine":105,"endLine":114}],"isExampleQuery":true},"example_find_enis_for_a_specific_instance":{"org":"turbot","tables":["alicloud.alicloud_ecs_network_interface"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_network_interface.md","folder":"ECS","title":"Find ENIs for a specific instance","titleLine":116,"name":"example_find_enis_for_a_specific_instance","id":"example_find_enis_for_a_specific_instance","description":"Gain insights into the network interfaces associated with a specific instance, including their status, type, and IP addresses. This can be useful for troubleshooting connectivity issues or understanding the network configuration of a particular instance.","descriptionStartLine":117,"queries":[{"lang":"sql+postgres","code":"select\n network_interface_id as eni,\n instance_id, \n status,\n type,\n description,\n private_ip_address,\n associated_public_ip_address,\n mac_address\nfrom\n alicloud_ecs_network_interface\nwhere \n instance_id = 'i-0xi8u2s0ezl5auigem8t'","startLine":118,"endLine":132},{"lang":"sql+sqlite","code":"select\n network_interface_id as eni,\n instance_id, \n status,\n type,\n description,\n private_ip_address,\n associated_public_ip_address,\n mac_address\nfrom\n alicloud_ecs_network_interface\nwhere \n instance_id = 'i-0xi8u2s0ezl5auigem8t'","startLine":134,"endLine":148}],"isExampleQuery":true},"example_get_details_for_a_specific_region":{"org":"turbot","tables":["alicloud.alicloud_ecs_zone"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_zone.md","folder":"ECS","title":"Get details for a specific region","titleLine":37,"name":"example_get_details_for_a_specific_region","id":"example_get_details_for_a_specific_region","description":"Determine the resources available in a specific geographical region. This is useful for planning and optimizing resource allocation for your operations in that region.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n zone_id,\n local_name,\n available_resource_creation,\n available_volume_categories,\n available_instance_types\nfrom\n alicloud_ecs_zone\nwhere\n zone_id = 'ap-south-1b';","startLine":40,"endLine":51},{"lang":"sql+sqlite","code":"select\n zone_id,\n local_name,\n available_resource_creation,\n available_volume_categories,\n available_instance_types\nfrom\n alicloud_ecs_zone\nwhere\n zone_id = 'ap-south-1b';","startLine":53,"endLine":64}],"isExampleQuery":true},"example_list_of_security_groups_where_all_instances_within_the_security_group_are_isolated_from_each_other":{"org":"turbot","tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_security_group.md","folder":"ECS","title":"List of security groups where all instances within the security group are isolated from each other","titleLine":12,"name":"example_list_of_security_groups_where_all_instances_within_the_security_group_are_isolated_from_each_other","id":"example_list_of_security_groups_where_all_instances_within_the_security_group_are_isolated_from_each_other","description":"Determine the areas in which security groups are configured such that all instances within them are isolated from each other. This can be useful for identifying potential security risks and ensuring robust access control.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n security_group_id,\n type,\n inner_access_policy\nfrom\n alicloud_ecs_security_group\nwhere\n inner_access_policy = 'drop';","startLine":15,"endLine":25},{"lang":"sql+sqlite","code":"select\n name,\n security_group_id,\n type,\n inner_access_policy\nfrom\n alicloud_ecs_security_group\nwhere\n inner_access_policy = 'drop';","startLine":27,"endLine":37}],"isExampleQuery":true},"example_get_the_security_group_rules_of_each_security_group":{"org":"turbot","tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_security_group.md","folder":"ECS","title":"Get the security group rules of each security group","titleLine":40,"name":"example_get_the_security_group_rules_of_each_security_group","id":"example_get_the_security_group_rules_of_each_security_group","description":"Explore the security settings of your system by identifying the rules of each security group. This is useful for auditing security measures and ensuring appropriate access controls are in place.","descriptionStartLine":41,"queries":[{"lang":"sql+postgres","code":"select\n name,\n security_group_id,\n p ->> 'IpProtocol' as ip_protocol_type,\n p ->> 'PortRange' as port_range,\n p ->> 'Direction' as direction,\n p ->> 'SourceCidrIp' as source_cidr_ip,\n p ->> 'SourcePortRange' as source_port_range\nfrom\n alicloud_ecs_security_group,\n jsonb_array_elements(permissions) as p;","startLine":43,"endLine":55},{"lang":"sql+sqlite","code":"select\n name,\n security_group_id,\n json_extract(p.value, '$.IpProtocol') as ip_protocol_type,\n json_extract(p.value, '$.PortRange') as port_range,\n json_extract(p.value, '$.Direction') as direction,\n json_extract(p.value, '$.SourceCidrIp') as source_cidr_ip,\n json_extract(p.value, '$.SourcePortRange') as source_port_range\nfrom\n alicloud_ecs_security_group,\n json_each(permissions) as p;","startLine":57,"endLine":69}],"isExampleQuery":true},"example_list_of_all_enterprise_security_groups":{"org":"turbot","tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_security_group.md","folder":"ECS","title":"List of all enterprise security groups","titleLine":72,"name":"example_list_of_all_enterprise_security_groups","id":"example_list_of_all_enterprise_security_groups","description":"Explore which enterprise-level security groups are active in various regions. This can be useful for maintaining oversight of your security measures and ensuring they align with your company's standards.","descriptionStartLine":73,"queries":[{"lang":"sql+postgres","code":"select\n name,\n security_group_id,\n region_id,\n type\nfrom\n alicloud_ecs_security_group\nwhere\n type = 'enterprise';","startLine":75,"endLine":85},{"lang":"sql+sqlite","code":"select\n name,\n security_group_id,\n region_id,\n type\nfrom\n alicloud_ecs_security_group\nwhere\n type = 'enterprise';","startLine":87,"endLine":97}],"isExampleQuery":true},"example_count_of_security_groups_by_vpc_id":{"org":"turbot","tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_security_group.md","folder":"ECS","title":"Count of security groups by VPC ID","titleLine":100,"name":"example_count_of_security_groups_by_vpc_id","id":"example_count_of_security_groups_by_vpc_id","description":"Analyze the settings to understand the distribution of security groups across different VPCs. This can aid in managing network access and security configurations more effectively.","descriptionStartLine":101,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n count(*) as count\nfrom\n alicloud_ecs_security_group\ngroup by\n vpc_id;","startLine":103,"endLine":111},{"lang":"sql+sqlite","code":"select\n vpc_id,\n count(*) as count\nfrom\n alicloud_ecs_security_group\ngroup by\n vpc_id;","startLine":113,"endLine":121}],"isExampleQuery":true},"example_get_the_security_group_rules_that_allow_inbound_public_access_to_all_tcp_or_udp_ports":"$59","example_get_the_security_group_rules_that_allow_inbound_public_access_to_all_tcp_or_udp_ports_along_with_instances_attached_to_them":{"org":"turbot","tables":["alicloud.alicloud_ecs_security_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_security_group.md","folder":"ECS","title":"Get the security group rules that allow inbound public access to all tcp or udp ports, along with instances attached to them","titleLine":171,"name":"example_get_the_security_group_rules_that_allow_inbound_public_access_to_all_tcp_or_udp_ports_along_with_instances_attached_to_them","id":"example_get_the_security_group_rules_that_allow_inbound_public_access_to_all_tcp_or_udp_ports_along_with_instances_attached_to_them","description":"This query is useful for identifying potential security vulnerabilities in your system. It reveals the security group rules that permit unrestricted inbound public access to all TCP or UDP ports, and also lists the instances associated with these rules. This can help in strengthening your system's security by pinpointing areas of potential weakness.","descriptionStartLine":172,"queries":[{"lang":"sql+postgres","code":"select\n i.name,\n i.instance_id,\n sg.name,\n sg.security_group_id,\n p ->> 'IpProtocol' as ip_protocol_type,\n p ->> 'PortRange' as port_range,\n p ->> 'Direction' as direction,\n p ->> 'SourceCidrIp' as source_cidr_ip,\n p ->> 'SourcePortRange' as source_port_range\nfrom\n alicloud_ecs_security_group as sg,\n jsonb_array_elements(permissions) as p,\n alicloud_ecs_instance as i,\n jsonb_array_elements_text(i.security_group_ids) as instance_sg\nwhere \n p ->> 'IpProtocol' in ('TCP', 'UDP', 'ALL') \n and p ->> 'Direction' = 'ingress'\n and p ->> 'SourceCidrIp' = '0.0.0.0/0'\n and (\n p ->> 'PortRange' = '-1/-1'\n or p ->> 'PortRange' = '1/65535'\n )\n and instance_sg = sg.security_group_id;","startLine":174,"endLine":199},{"lang":"sql+sqlite","code":"select\n i.name,\n i.instance_id,\n sg.name,\n sg.security_group_id,\n json_extract(p.value, '$.IpProtocol') as ip_protocol_type,\n json_extract(p.value, '$.PortRange') as port_range,\n json_extract(p.value, '$.Direction') as direction,\n json_extract(p.value, '$.SourceCidrIp') as source_cidr_ip,\n json_extract(p.value, '$.SourcePortRange') as source_port_range\nfrom\n alicloud_ecs_security_group as sg,\n json_each(permissions) as p,\n alicloud_ecs_instance as i,\n json_each(i.security_group_ids) as instance_sg\nwhere \n json_extract(p.value, '$.IpProtocol') in ('TCP', 'UDP', 'ALL') \n and json_extract(p.value, '$.Direction') = 'ingress'\n and json_extract(p.value, '$.SourceCidrIp') = '0.0.0.0/0'\n and (\n json_extract(p.value, '$.PortRange') = '-1/-1'\n or json_extract(p.value, '$.PortRange') = '1/65535'\n )\n and instance_sg.value = sg.security_group_id;","startLine":201,"endLine":226}],"isExampleQuery":true},"example_list_of_snapshots_which_are_not_encrypted":{"org":"turbot","tables":["alicloud.alicloud_ecs_snapshot"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_snapshot.md","folder":"ECS","title":"List of snapshots which are not encrypted","titleLine":12,"name":"example_list_of_snapshots_which_are_not_encrypted","id":"example_list_of_snapshots_which_are_not_encrypted","description":"Determine the areas in which snapshots lack encryption, allowing you to enhance your system's security by identifying potential vulnerabilities.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n snapshot_id,\n arn,\n encrypted\nfrom\n alicloud_ecs_snapshot\nwhere\n not encrypted;","startLine":15,"endLine":25},{"lang":"sql+sqlite","code":"select\n name,\n snapshot_id,\n arn,\n encrypted\nfrom\n alicloud_ecs_snapshot\nwhere\n encrypted = 0;","startLine":27,"endLine":37}],"isExampleQuery":true},"example_list_of_unused_snapshots":{"org":"turbot","tables":["alicloud.alicloud_ecs_snapshot"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_snapshot.md","folder":"ECS","title":"List of unused snapshots","titleLine":39,"name":"example_list_of_unused_snapshots","id":"example_list_of_unused_snapshots","description":"Discover the snapshots which are currently not in use within your Alicloud Elastic Compute Service. This can help in managing resources efficiently by identifying and removing unused elements.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n name,\n snapshot_id,\n type\nfrom\n alicloud_ecs_snapshot\nwhere\n usage = 'none';","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n snapshot_id,\n type\nfrom\n alicloud_ecs_snapshot\nwhere\n usage = 'none';","startLine":53,"endLine":62}],"isExampleQuery":true},"example_find_the_snapshot_count_per_disk":{"org":"turbot","tables":["alicloud.alicloud_ecs_snapshot"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_snapshot.md","folder":"ECS","title":"Find the snapshot count per disk","titleLine":64,"name":"example_find_the_snapshot_count_per_disk","id":"example_find_the_snapshot_count_per_disk","description":"Uncover the details of how many snapshots each disk holds in your Alicloud ECS environment. This is useful in understanding the frequency of snapshots taken and can aid in storage management and cost optimization.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n source_disk_id,\n count(*) as snapshot\nfrom\n alicloud_ecs_snapshot\ngroup by\n source_disk_id;","startLine":67,"endLine":75},{"lang":"sql+sqlite","code":"select\n source_disk_id,\n count(*) as snapshot\nfrom\n alicloud_ecs_snapshot\ngroup by\n source_disk_id;","startLine":77,"endLine":85}],"isExampleQuery":true},"example_list_of_snapshots_without_owner_tag_key":{"org":"turbot","tables":["alicloud.alicloud_ecs_snapshot"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_snapshot.md","folder":"ECS","title":"List of snapshots without owner tag key","titleLine":87,"name":"example_list_of_snapshots_without_owner_tag_key","id":"example_list_of_snapshots_without_owner_tag_key","description":"Discover the segments that consist of snapshots lacking an 'owner' tag. This is particularly useful for identifying untagged resources that may lead to management issues or unnecessary costs.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n name,\n snapshot_id,\n tags\nfrom\n alicloud_ecs_snapshot\nwhere\n tags ->> 'owner' is null;","startLine":90,"endLine":99},{"lang":"sql+sqlite","code":"select\n name,\n snapshot_id,\n tags\nfrom\n alicloud_ecs_snapshot\nwhere\n json_extract(tags, '$.owner') is null;","startLine":101,"endLine":110}],"isExampleQuery":true},"example_list_of_snapshots_older_than_90_days":{"org":"turbot","tables":["alicloud.alicloud_ecs_snapshot"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ecs_snapshot.md","folder":"ECS","title":"List of snapshots older than 90 days","titleLine":112,"name":"example_list_of_snapshots_older_than_90_days","id":"example_list_of_snapshots_older_than_90_days","description":"Determine the areas in which snapshots are older than 90 days in order to identify potential areas for data cleanup or archival. This can help optimize storage use and manage costs effectively.","descriptionStartLine":113,"queries":[{"lang":"sql+postgres","code":"select\n name,\n snapshot_id,\n type,\n creation_time,\n age(creation_time),\n retention_days\nfrom\n alicloud_ecs_snapshot\nwhere\n creation_time <= (current_date - interval '90' day)\norder by\n creation_time;","startLine":115,"endLine":129},{"lang":"sql+sqlite","code":"select\n name,\n snapshot_id,\n type,\n creation_time,\n julianday('now') - julianday(creation_time) as age,\n retention_days\nfrom\n alicloud_ecs_snapshot\nwhere\n julianday(creation_time) <= julianday(date('now','-90 day'))\norder by\n creation_time;","startLine":131,"endLine":145}],"isExampleQuery":true}},"kms":{"example_list_keys_scheduled_for_deletion":{"org":"turbot","tables":["alicloud.alicloud_kms_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_key.md","folder":"KMS","title":"List keys scheduled for deletion","titleLine":39,"name":"example_list_keys_scheduled_for_deletion","id":"example_list_keys_scheduled_for_deletion","description":"Discover the segments that are marked for deletion in the near future. This is useful for preemptively managing resources and ensuring system integrity by preventing unexpected loss of access to important keys.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n key_id,\n key_state,\n delete_date\nfrom\n alicloud_kms_key\nwhere\n key_state = 'PendingDeletion';","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n key_id,\n key_state,\n delete_date\nfrom\n alicloud_kms_key\nwhere\n key_state = 'PendingDeletion';","startLine":53,"endLine":62}],"isExampleQuery":true},"example_list_keys_that_have_automatic_key_rotation_suspended":{"org":"turbot","tables":["alicloud.alicloud_kms_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_key.md","folder":"KMS","title":"List keys that have automatic key rotation suspended","titleLine":64,"name":"example_list_keys_that_have_automatic_key_rotation_suspended","id":"example_list_keys_that_have_automatic_key_rotation_suspended","description":"Explore which encryption keys have had their automatic rotation feature suspended. This is useful for maintaining security standards, as keys that are not regularly rotated may pose a risk.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n key_id,\n automatic_rotation\nfrom\n alicloud_kms_key\nwhere\n automatic_rotation = 'Suspended';","startLine":67,"endLine":75},{"lang":"sql+sqlite","code":"select\n key_id,\n automatic_rotation\nfrom\n alicloud_kms_key\nwhere\n automatic_rotation = 'Suspended';","startLine":77,"endLine":85}],"isExampleQuery":true},"example_get_the_key_alias_info_for_each_key":{"org":"turbot","tables":["alicloud.alicloud_kms_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_key.md","folder":"KMS","title":"Get the key alias info for each key","titleLine":87,"name":"example_get_the_key_alias_info_for_each_key","id":"example_get_the_key_alias_info_for_each_key","description":"Determine the alias details for each encryption key to manage and track your keys effectively. This helps in identifying and organizing your keys while maintaining security standards.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n alias ->> 'KeyId' as key_id,\n alias ->> 'AliasArn' as alias_arn,\n alias ->> 'AliasName' as alias_name\nfrom\n alicloud_kms_key,\n jsonb_array_elements(key_aliases) as alias;","startLine":90,"endLine":98},{"lang":"sql+sqlite","code":"select\n json_extract(alias.value, '$.KeyId') as key_id,\n json_extract(alias.value, '$.AliasArn') as alias_arn,\n json_extract(alias.value, '$.AliasName') as alias_name\nfrom\n alicloud_kms_key,\n json_each(key_aliases) as alias;","startLine":100,"endLine":108}],"isExampleQuery":true},"example_count_of_keys_per_region":{"org":"turbot","tables":["alicloud.alicloud_kms_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_key.md","folder":"KMS","title":"Count of keys per region","titleLine":110,"name":"example_count_of_keys_per_region","id":"example_count_of_keys_per_region","description":"Example 1: \"Count of keys per region\"\nExplore which regions have the most keys in your AliCloud Key Management Service. This can help you understand the distribution of your keys and identify regions with a high concentration of keys.\nExample 2: \"List keys that have deletion protection disabled\"\nIdentify instances where keys in your AliCloud Key Management Service have deletion protection disabled. This can be useful in maintaining security standards and avoiding accidental data loss.","descriptionStartLine":111,"queries":[{"lang":"sql+postgres","code":"select\n region,\n count(*)\nfrom\n alicloud_kms_key\ngroup by\n region;","startLine":117,"endLine":125},{"lang":"sql+sqlite","code":"select\n region,\n count(*)\nfrom\n alicloud_kms_key\ngroup by\n region;","startLine":127,"endLine":135}],"isExampleQuery":true},"example_list_secrets_that_do_not_have_automatic_rotation_enabled":{"org":"turbot","tables":["alicloud.alicloud_kms_secret"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_secret.md","folder":"KMS","title":"List secrets that do not have automatic rotation enabled","titleLine":37,"name":"example_list_secrets_that_do_not_have_automatic_rotation_enabled","id":"example_list_secrets_that_do_not_have_automatic_rotation_enabled","description":"Uncover the details of encryption secrets that are not set to auto-renew, potentially exposing your system to security risks. This is useful for identifying and rectifying weak points in your security infrastructure.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n name,\n secret_type automatic_rotation\nfrom\n alicloud_kms_secret\nwhere\n automatic_rotation <> 'Enabled';","startLine":40,"endLine":48},{"lang":"sql+sqlite","code":"select\n name,\n secret_type as automatic_rotation\nfrom\n alicloud_kms_secret\nwhere\n automatic_rotation != 'Enabled';","startLine":50,"endLine":58}],"isExampleQuery":true},"example_list_secrets_that_have_not_been_rotated_within_the_last_30_days":{"org":"turbot","tables":["alicloud.alicloud_kms_secret"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_secret.md","folder":"KMS","title":"List secrets that have not been rotated within the last 30 days","titleLine":60,"name":"example_list_secrets_that_have_not_been_rotated_within_the_last_30_days","id":"example_list_secrets_that_have_not_been_rotated_within_the_last_30_days","description":"Explore which secrets have not been updated in the last month. This is useful for maintaining security standards and ensuring that sensitive information is regularly updated.","descriptionStartLine":61,"queries":[{"lang":"sql+postgres","code":"select\n name,\n secret_type,\n automatic_rotation\nfrom\n alicloud_kms_secret\nwhere\n last_rotation_date < (current_date - interval '30' day);","startLine":63,"endLine":72},{"lang":"sql+sqlite","code":"select\n name,\n secret_type,\n automatic_rotation\nfrom\n alicloud_kms_secret\nwhere\n last_rotation_date < date('now','-30 day');","startLine":74,"endLine":83}],"isExampleQuery":true},"example_get_the_extended_configuration_info_for_each_secret":{"org":"turbot","tables":["alicloud.alicloud_kms_secret"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_secret.md","folder":"KMS","title":"Get the extended configuration info for each secret","titleLine":85,"name":"example_get_the_extended_configuration_info_for_each_secret","id":"example_get_the_extended_configuration_info_for_each_secret","description":"This query is useful for gaining insights into the extended configuration details of each secret, such as the associated database name and instance ID, as well as the secret subtype. It can help in understanding and managing the security aspects of your cloud resources.","descriptionStartLine":86,"queries":[{"lang":"sql+postgres","code":"select\n name,\n extended_config -> 'CustomData' ->> 'DBName' as db_name,\n extended_config ->> 'DBInstanceId' as db_instance_id,\n extended_config ->> 'SecretSubType' as secret_sub_type\nfrom\n alicloud_kms_secret;","startLine":88,"endLine":96},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(json_extract(extended_config, '$.CustomData'), '$.DBName') as db_name,\n json_extract(extended_config, '$.DBInstanceId') as db_instance_id,\n json_extract(extended_config, '$.SecretSubType') as secret_sub_type\nfrom\n alicloud_kms_secret;","startLine":98,"endLine":106}],"isExampleQuery":true},"example_list_secrets_without_application_tag_key":{"org":"turbot","tables":["alicloud.alicloud_kms_secret"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_kms_secret.md","folder":"KMS","title":"List secrets without application tag key","titleLine":108,"name":"example_list_secrets_without_application_tag_key","id":"example_list_secrets_without_application_tag_key","description":"Discover the segments that have secrets without an application tag key. This is useful to identify and manage secrets that may not be associated with a specific application.","descriptionStartLine":109,"queries":[{"lang":"sql+postgres","code":"select\n name,\n tags\nfrom\n alicloud_kms_secret\nwhere\n not tags :: JSONB ? 'application';","startLine":111,"endLine":119},{"lang":"sql+sqlite","code":"select\n name,\n tags\nfrom\n alicloud_kms_secret\nwhere\n json_extract(tags, '$.application') is null;","startLine":121,"endLine":129}],"isExampleQuery":true}},"oss":{"example_list_of_buckets_where_versioning_is_not_enabled":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets where versioning is not enabled","titleLine":12,"name":"example_list_of_buckets_where_versioning_is_not_enabled","id":"example_list_of_buckets_where_versioning_is_not_enabled","description":"Discover the segments that have not enabled versioning in their storage buckets. This is useful to identify potential areas of risk, as versioning provides a means of recovery in case of accidental deletion or alteration of data.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n arn,\n region,\n account_id,\n versioning\nfrom\n alicloud_oss_bucket\nwhere\n versioning <> 'Enabled';","startLine":15,"endLine":26},{"lang":"sql+sqlite","code":"select\n name,\n arn,\n region,\n account_id,\n versioning\nfrom\n alicloud_oss_bucket\nwhere\n versioning <> 'Enabled';","startLine":28,"endLine":39}],"isExampleQuery":true},"example_list_of_buckets_which_do_not_have_default_encryption_enabled":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets which do not have default encryption enabled","titleLine":41,"name":"example_list_of_buckets_which_do_not_have_default_encryption_enabled","id":"example_list_of_buckets_which_do_not_have_default_encryption_enabled","description":"Explore which storage buckets lack default encryption, providing a useful way to identify potential security weaknesses in your data storage. This can help prioritize security enhancements and ensure data protection compliance.","descriptionStartLine":42,"queries":[{"lang":"sql+postgres","code":"select\n name,\n server_side_encryption\nfrom\n alicloud_oss_bucket\nwhere\n server_side_encryption ->> 'SSEAlgorithm' = '';","startLine":44,"endLine":52},{"lang":"sql+sqlite","code":"select\n name,\n server_side_encryption\nfrom\n alicloud_oss_bucket\nwhere\n json_extract(server_side_encryption, '$.SSEAlgorithm') = '';","startLine":54,"endLine":62}],"isExampleQuery":true},"example_list_of_buckets_where_public_access_to_bucket_is_not_blocked":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets where public access to bucket is not blocked","titleLine":64,"name":"example_list_of_buckets_where_public_access_to_bucket_is_not_blocked","id":"example_list_of_buckets_where_public_access_to_bucket_is_not_blocked","description":"Explore which storage buckets have public access enabled, which could potentially expose sensitive data. This is useful for identifying and mitigating security risks associated with unauthorized data access.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n name,\n acl\nfrom\n alicloud_oss_bucket\nwhere\n acl <> 'private';","startLine":67,"endLine":75},{"lang":"sql+sqlite","code":"select\n name,\n acl\nfrom\n alicloud_oss_bucket\nwhere\n acl <> 'private';","startLine":77,"endLine":85}],"isExampleQuery":true},"example_list_of_buckets_where_server_access_logging_destination_is_same_as_the_source_bucket":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets where server access logging destination is same as the source bucket","titleLine":87,"name":"example_list_of_buckets_where_server_access_logging_destination_is_same_as_the_source_bucket","id":"example_list_of_buckets_where_server_access_logging_destination_is_same_as_the_source_bucket","description":"Determine the areas in which server access logging destinations are identical to their source buckets. This is useful for identifying potential security risks, as it could indicate a lack of segregation between log data and source data.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n name,\n logging ->> 'TargetBucket' as target_bucket\nfrom\n alicloud_oss_bucket\nwhere\n logging ->> 'TargetBucket' = name;","startLine":90,"endLine":98},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(logging, '$.TargetBucket') as target_bucket\nfrom\n alicloud_oss_bucket\nwhere\n json_extract(logging, '$.TargetBucket') = name;","startLine":100,"endLine":108}],"isExampleQuery":true},"example_list_of_buckets_without_owner_tag_key":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets without owner tag key","titleLine":110,"name":"example_list_of_buckets_without_owner_tag_key","id":"example_list_of_buckets_without_owner_tag_key","description":"Explore which AliCloud OSS buckets lack an assigned owner. This can be crucial in managing resources and ensuring accountability within your cloud storage environment.","descriptionStartLine":111,"queries":[{"lang":"sql+postgres","code":"select\n name,\n tags\nfrom\n alicloud_oss_bucket\nwhere\n tags ->> 'owner' is null;","startLine":113,"endLine":121},{"lang":"sql+sqlite","code":"select\n name,\n tags\nfrom\n alicloud_oss_bucket\nwhere\n json_extract(tags, '$.owner') is null;","startLine":123,"endLine":131}],"isExampleQuery":true},"example_list_of_bucket_policy_statements_that_grant_external_access":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of Bucket policy statements that grant external access","titleLine":133,"name":"example_list_of_bucket_policy_statements_that_grant_external_access","id":"example_list_of_bucket_policy_statements_that_grant_external_access","description":"Identify instances where your OSS bucket policies may be granting external access. This is beneficial for assessing potential security vulnerabilities and ensuring that your data is protected.","descriptionStartLine":134,"queries":[{"lang":"sql+postgres","code":"select\n title,\n p as principal,\n a as action,\n s ->> 'Effect' as effect,\n s -> 'Condition' as conditions\nfrom\n alicloud_oss_bucket,\n jsonb_array_elements(policy -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal') as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n p != account_id\n or p = '*'\n );","startLine":136,"endLine":154},{"lang":"sql+sqlite","code":"select\n title,\n p.value as principal,\n a.value as action,\n json_extract(s.value, '$.Effect') as effect,\n json_extract(s.value, '$.Condition') as conditions\nfrom\n alicloud_oss_bucket,\n json_each(policy, '$.Statement') as s,\n json_each(s.value, '$.Principal') as p,\n json_each(s.value, '$.Action') as a\nwhere\n json_extract(s.value, '$.Effect') = 'Allow'\n and (\n p.value != account_id\n or p.value = '*'\n );","startLine":156,"endLine":174}],"isExampleQuery":true},"example_list_of_buckets_with_no_lifecycle_policy":{"org":"turbot","tables":["alicloud.alicloud_oss_bucket"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_oss_bucket.md","folder":"OSS","title":"List of buckets with no lifecycle policy","titleLine":176,"name":"example_list_of_buckets_with_no_lifecycle_policy","id":"example_list_of_buckets_with_no_lifecycle_policy","description":"Explore which storage buckets are missing a lifecycle policy, allowing you to identify potential areas of risk and implement necessary changes to enhance data management. This is particularly useful in maintaining compliance and optimizing storage costs.","descriptionStartLine":177,"queries":[{"lang":"sql+postgres","code":"select\n name,\n arn,\n region,\n account_id,\n lifecycle_rules\nfrom\n alicloud_oss_bucket\nwhere\n lifecycle_rules is null;","startLine":179,"endLine":190},{"lang":"sql+sqlite","code":"select\n name,\n arn,\n region,\n account_id,\n lifecycle_rules\nfrom\n alicloud_oss_bucket\nwhere\n lifecycle_rules is null;","startLine":192,"endLine":203}],"isExampleQuery":true}},"ram":{"example_list_of_access_keys_with_their_corresponding_user_name_and_date_of_creation":{"org":"turbot","tables":["alicloud.alicloud_ram_access_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_access_key.md","folder":"RAM","title":"List of access keys with their corresponding user name and date of creation","titleLine":12,"name":"example_list_of_access_keys_with_their_corresponding_user_name_and_date_of_creation","id":"example_list_of_access_keys_with_their_corresponding_user_name_and_date_of_creation","description":"Discover the segments that have access keys, their corresponding user names, and creation dates. This can be useful in managing and tracking user access within your system.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n access_key_id,\n user_name,\n create_date\nfrom\n alicloud_ram_access_key;","startLine":15,"endLine":22},{"lang":"sql+sqlite","code":"select\n access_key_id,\n user_name,\n create_date\nfrom\n alicloud_ram_access_key;","startLine":24,"endLine":31}],"isExampleQuery":true},"example_list_of_access_keys_which_are_inactive":{"org":"turbot","tables":["alicloud.alicloud_ram_access_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_access_key.md","folder":"RAM","title":"List of access keys which are inactive","titleLine":33,"name":"example_list_of_access_keys_which_are_inactive","id":"example_list_of_access_keys_which_are_inactive","description":"Determine the areas in which there are inactive access keys. This can be useful in maintaining security by identifying and managing unused access keys.","descriptionStartLine":34,"queries":[{"lang":"sql+postgres","code":"select\n access_key_id,\n user_name,\n status\nfrom\n alicloud_ram_access_key\nwhere\n status = 'Inactive';","startLine":36,"endLine":45},{"lang":"sql+sqlite","code":"select\n access_key_id,\n user_name,\n status\nfrom\n alicloud_ram_access_key\nwhere\n status = 'Inactive';","startLine":47,"endLine":56}],"isExampleQuery":true},"example_access_key_count_by_user_name":{"org":"turbot","tables":["alicloud.alicloud_ram_access_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_access_key.md","folder":"RAM","title":"Access key count by user name","titleLine":58,"name":"example_access_key_count_by_user_name","id":"example_access_key_count_by_user_name","description":"Identify instances where multiple access keys are associated with the same user in Alicloud. This can help in managing access keys effectively and improving security by limiting the number of access keys per user.","descriptionStartLine":59,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n count (access_key_id) as access_key_count\nfrom\n alicloud_ram_access_key\ngroup by\n user_name;","startLine":61,"endLine":69},{"lang":"sql+sqlite","code":"select\n user_name,\n count(access_key_id) as access_key_count\nfrom\n alicloud_ram_access_key\ngroup by\n user_name;","startLine":71,"endLine":79}],"isExampleQuery":true},"example_access_keys_older_than_90_days":{"org":"turbot","tables":["alicloud.alicloud_ram_access_key"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_access_key.md","folder":"RAM","title":"Access keys older than 90 days","titleLine":82,"name":"example_access_keys_older_than_90_days","id":"example_access_keys_older_than_90_days","description":"Determine the instances where access keys have been in use for more than 90 days. This can be beneficial for managing security and access control, as older keys may pose a higher risk if not regularly updated or reviewed.","descriptionStartLine":83,"queries":[{"lang":"sql+postgres","code":"select\n access_key_id,\n user_name,\n status\n create_date,\n age(create_date)\nfrom\n alicloud_ram_access_key\nwhere\n create_date <= (current_date - interval '90' day)\norder by\n create_date;","startLine":85,"endLine":98},{"lang":"sql+sqlite","code":"select\n access_key_id,\n user_name,\n status,\n create_date,\n julianday('now') - julianday(create_date)\nfrom\n alicloud_ram_access_key\nwhere\n julianday('now') - julianday(create_date) >= 90\norder by\n create_date;","startLine":100,"endLine":113}],"isExampleQuery":true},"example_list_users_that_have_logged_into_the_console_in_the_past_90_days":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"List users that have logged into the console in the past 90 days","titleLine":12,"name":"example_list_users_that_have_logged_into_the_console_in_the_past_90_days","id":"example_list_users_that_have_logged_into_the_console_in_the_past_90_days","description":"Determine the areas in which users have been active in the past 90 days, focusing on those who have logged into the console. This can help in understanding user engagement and identifying patterns in user activity.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n user_last_logon\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist\n and password_active\n and user_last_logon > (current_date - interval '90' day);","startLine":15,"endLine":25},{"lang":"sql+sqlite","code":"select\n user_name,\n user_last_logon\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist = 1\n and password_active = 1\n and user_last_logon > date('now', '-90 day');","startLine":27,"endLine":37}],"isExampleQuery":true},"example_list_users_that_have_not_logged_into_the_console_in_the_past_90_days":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"List users that have NOT logged into the console in the past 90 days","titleLine":39,"name":"example_list_users_that_have_not_logged_into_the_console_in_the_past_90_days","id":"example_list_users_that_have_not_logged_into_the_console_in_the_past_90_days","description":"Determine the areas in which users have not been active for over 90 days, focusing on those with existing and active passwords. This is useful for identifying potentially dormant or unused accounts, helping to maintain security and efficiency within your system.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n user_last_logon,\n age(user_last_logon)\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist\n and password_active\n and user_last_logon <= (current_date - interval '90' day)\norder by\n user_last_logon;","startLine":42,"endLine":55},{"lang":"sql+sqlite","code":"select\n user_name,\n user_last_logon,\n julianday('now') - julianday(user_last_logon) as age\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist\n and password_active\n and date(user_last_logon) <= date(julianday('now'), '-90 day')\norder by\n user_last_logon;","startLine":57,"endLine":70}],"isExampleQuery":true},"example_list_users_with_console_access_that_have_never_logged_in_to_the_console":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"List users with console access that have never logged in to the console","titleLine":72,"name":"example_list_users_with_console_access_that_have_never_logged_in_to_the_console","id":"example_list_users_with_console_access_that_have_never_logged_in_to_the_console","description":"Determine the users who have console access but have never actually logged in. This can help identify unused accounts, enabling better management of user access and improving security by eliminating potential vulnerabilities.","descriptionStartLine":73,"queries":[{"lang":"sql+postgres","code":"select\n user_name\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist\n and user_last_logon is null;","startLine":75,"endLine":83},{"lang":"sql+sqlite","code":"select\n user_name\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist = 1\n and user_last_logon is null;","startLine":85,"endLine":93}],"isExampleQuery":true},"example_find_access_keys_older_than_90_days":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"Find access keys older than 90 days","titleLine":95,"name":"example_find_access_keys_older_than_90_days","id":"example_find_access_keys_older_than_90_days","description":"Identify instances where user access keys are older than 90 days to ensure secure and up-to-date access management. This is useful for maintaining security standards and preventing potential unauthorized access.","descriptionStartLine":96,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n access_key_1_last_rotated,\n age(access_key_1_last_rotated) as access_key_1_age,\n access_key_2_last_rotated,\n age(access_key_2_last_rotated) as access_key_2_age\nfrom\n alicloud_ram_credential_report\nwhere\n access_key_1_last_rotated <= (current_date - interval '90' day)\n or access_key_2_last_rotated <= (current_date - interval '90' day)\norder by\n user_name;","startLine":98,"endLine":112},{"lang":"sql+sqlite","code":"select\n user_name,\n access_key_1_last_rotated,\n julianday('now') - julianday(access_key_1_last_rotated) as access_key_1_age,\n access_key_2_last_rotated,\n julianday('now') - julianday(access_key_2_last_rotated) as access_key_2_age\nfrom\n alicloud_ram_credential_report\nwhere\n julianday('now') - julianday(access_key_1_last_rotated) >= 90\n or julianday('now') - julianday(access_key_2_last_rotated) >= 90\norder by\n user_name;","startLine":114,"endLine":128}],"isExampleQuery":true},"example_find_users_that_have_a_console_password_but_do_not_have_mfa_enabled":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"Find users that have a console password but do not have MFA enabled","titleLine":130,"name":"example_find_users_that_have_a_console_password_but_do_not_have_mfa_enabled","id":"example_find_users_that_have_a_console_password_but_do_not_have_mfa_enabled","description":"Determine the areas in which users have an active console password but lack multi-factor authentication (MFA). This query is useful for identifying potential security risks within your Alicloud resource access management.","descriptionStartLine":131,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n mfa_active,\n password_exist,\n password_active\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist\n and password_active\n and not mfa_active;","startLine":133,"endLine":145},{"lang":"sql+sqlite","code":"select\n user_name,\n mfa_active,\n password_exist,\n password_active\nfrom\n alicloud_ram_credential_report\nwhere\n password_exist = 1\n and password_active = 1\n and mfa_active = 0;","startLine":147,"endLine":159}],"isExampleQuery":true},"example_check_if_root_login_has_mfa_enabled":{"org":"turbot","tables":["alicloud.alicloud_ram_credential_report"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_credential_report.md","folder":"RAM","title":"Check if root login has MFA enabled","titleLine":161,"name":"example_check_if_root_login_has_mfa_enabled","id":"example_check_if_root_login_has_mfa_enabled","description":"Determine if multi-factor authentication (MFA) is activated for the root login, enhancing security by requiring an additional verification step during authentication.","descriptionStartLine":162,"queries":[{"lang":"sql+postgres","code":"select\n user_name,\n mfa_active\nfrom\n alicloud_ram_credential_report\nwhere\n user_name = '';","startLine":164,"endLine":172},{"lang":"sql+sqlite","code":"select\n user_name,\n mfa_active\nfrom\n alicloud_ram_credential_report\nwhere\n user_name = '';","startLine":174,"endLine":182}],"isExampleQuery":true},"example_user_details_associated_with_each_ram_group":{"org":"turbot","tables":["alicloud.alicloud_ram_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_group.md","folder":"RAM","title":"User details associated with each RAM group","titleLine":12,"name":"example_user_details_associated_with_each_ram_group","id":"example_user_details_associated_with_each_ram_group","description":"Determine the areas in which users are associated with each RAM group in Alicloud. This can help in better understanding the group distribution and user management within your Alicloud environment.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name as group_name,\n iam_user ->> 'UserName' as user_name,\n iam_user ->> 'DisplayName' as display_name,\n iam_user ->> 'JoinDate' as user_join_date\nfrom\n alicloud_ram_group\n cross join jsonb_array_elements(users) as iam_user;","startLine":15,"endLine":24},{"lang":"sql+sqlite","code":"select\n name as group_name,\n json_extract(iam_user.value, '$.UserName') as user_name,\n json_extract(iam_user.value, '$.DisplayName') as display_name,\n json_extract(iam_user.value, '$.JoinDate') as user_join_date\nfrom\n alicloud_ram_group,\n json_each(users) as iam_user;","startLine":26,"endLine":35}],"isExampleQuery":true},"example_list_the_policies_attached_to_each_ram_group":{"org":"turbot","tables":["alicloud.alicloud_ram_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_group.md","folder":"RAM","title":"List the policies attached to each RAM group","titleLine":37,"name":"example_list_the_policies_attached_to_each_ram_group","id":"example_list_the_policies_attached_to_each_ram_group","description":"Explore the various policies attached to each RAM group, including the policy type, default version, and attachment date. This can help in understanding the security measures and access controls in place for each group.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n name as group_name,\n policies ->> 'PolicyName' as policy_name,\n policies ->> 'PolicyType' as policy_type,\n policies ->> 'DefaultVersion' as policy_default_version,\n policies ->> 'AttachDate' as policy_attachment_date\nfrom\n alicloud_ram_group,\n jsonb_array_elements(attached_policy) as policies;","startLine":40,"endLine":50},{"lang":"sql+sqlite","code":"select\n name as group_name,\n json_extract(policies.value, '$.PolicyName') as policy_name,\n json_extract(policies.value, '$.PolicyType') as policy_type,\n json_extract(policies.value, '$.DefaultVersion') as policy_default_version,\n json_extract(policies.value, '$.AttachDate') as policy_attachment_date\nfrom\n alicloud_ram_group,\n json_each(attached_policy) as policies;","startLine":52,"endLine":62}],"isExampleQuery":true},"example_list_of_ram_groups_with_no_users_added_to_it":{"org":"turbot","tables":["alicloud.alicloud_ram_group"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_group.md","folder":"RAM","title":"List of RAM groups with no users added to it","titleLine":64,"name":"example_list_of_ram_groups_with_no_users_added_to_it","id":"example_list_of_ram_groups_with_no_users_added_to_it","description":"Determine the areas in which RAM groups have been created but no users have been added. This can help in identifying unused resources and optimizing resource allocation.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n name as group_name,\n create_date,\n users\nfrom\n alicloud_ram_group\nwhere\n users = '[]';","startLine":67,"endLine":76},{"lang":"sql+sqlite","code":"select\n name as group_name,\n create_date,\n users\nfrom\n alicloud_ram_group\nwhere\n users = '[]';","startLine":78,"endLine":87}],"isExampleQuery":true},"example_ensure_ram_password_policy_requires_at_least_one_uppercase_letter_cis_v1_1_7_":{"org":"turbot","tables":["alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_password_policy.md","folder":"RAM","title":"Ensure RAM password policy requires at least one uppercase letter (CIS v1.1.7)","titleLine":12,"name":"example_ensure_ram_password_policy_requires_at_least_one_uppercase_letter_cis_v1_1_7_","id":"example_ensure_ram_password_policy_requires_at_least_one_uppercase_letter_cis_v1_1_7_","description":"Assess the elements within your Alicloud RAM password policy to verify if it mandates the inclusion of at least one uppercase letter. This aids in enhancing password security, aligning with the CIS v1.1.7 benchmark.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n require_uppercase_characters,\n case require_uppercase_characters\n when true then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":15,"endLine":24},{"lang":"sql+sqlite","code":"select\n require_uppercase_characters,\n case require_uppercase_characters\n when 1 then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":26,"endLine":35}],"isExampleQuery":true},"example_ensure_ram_password_policy_requires_at_least_one_lowercase_letter_cis_v1_1_8_":{"org":"turbot","tables":["alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_password_policy.md","folder":"RAM","title":"Ensure RAM password policy requires at least one lowercase letter (CIS v1.1.8)","titleLine":37,"name":"example_ensure_ram_password_policy_requires_at_least_one_lowercase_letter_cis_v1_1_8_","id":"example_ensure_ram_password_policy_requires_at_least_one_lowercase_letter_cis_v1_1_8_","description":"Assess the security of your password policy by determining if it necessitates the inclusion of at least one lowercase letter. This can help enhance your system's protection by ensuring passwords are more complex and harder to guess.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n require_lowercase_characters,\n case require_lowercase_characters\n when true then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":40,"endLine":49},{"lang":"sql+sqlite","code":"select\n require_lowercase_characters,\n case require_lowercase_characters\n when 1 then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":51,"endLine":60}],"isExampleQuery":true},"example_ensure_ram_password_policy_requires_at_least_one_symbol_cis_v1_1_9_":{"org":"turbot","tables":["alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_password_policy.md","folder":"RAM","title":"Ensure RAM password policy requires at least one symbol (CIS v1.1.9)","titleLine":62,"name":"example_ensure_ram_password_policy_requires_at_least_one_symbol_cis_v1_1_9_","id":"example_ensure_ram_password_policy_requires_at_least_one_symbol_cis_v1_1_9_","description":"This example helps in assessing the security of your password policy by determining whether it mandates the inclusion of at least one symbol. This is crucial for enhancing password strength and reducing the risk of unauthorized access.","descriptionStartLine":63,"queries":[{"lang":"sql+postgres","code":"select\n require_symbols,\n case require_symbols\n when true then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":65,"endLine":74},{"lang":"sql+sqlite","code":"select\n require_symbols,\n case require_symbols\n when 1 then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":76,"endLine":85}],"isExampleQuery":true},"example_ensure_ram_password_policy_require_at_least_one_number_cis_v1_1_10_":{"org":"turbot","tables":["alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_password_policy.md","folder":"RAM","title":"Ensure RAM password policy require at least one number (CIS v1.1.10)","titleLine":87,"name":"example_ensure_ram_password_policy_require_at_least_one_number_cis_v1_1_10_","id":"example_ensure_ram_password_policy_require_at_least_one_number_cis_v1_1_10_","description":"Assess the elements within your Alicloud RAM password policy to ensure it mandates the inclusion of at least one numerical value, providing a simple pass or fail status. This aids in maintaining robust security standards as per the CIS v1.1.10 guidelines.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n require_numbers,\n case require_numbers\n when true then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":90,"endLine":99},{"lang":"sql+sqlite","code":"select\n require_numbers,\n case require_numbers\n when 1 then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":101,"endLine":110}],"isExampleQuery":true},"example_ensure_ram_password_policy_requires_minimum_length_of_14_or_greater_cis_v1_1_11_":{"org":"turbot","tables":["alicloud.alicloud_ram_password_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_password_policy.md","folder":"RAM","title":"Ensure RAM password policy requires minimum length of 14 or greater (CIS v1.1.11)","titleLine":112,"name":"example_ensure_ram_password_policy_requires_minimum_length_of_14_or_greater_cis_v1_1_11_","id":"example_ensure_ram_password_policy_requires_minimum_length_of_14_or_greater_cis_v1_1_11_","description":"Determine the strength of your password policy by checking if it requires a minimum length of 14 characters or more. This can help ensure your system's security by enforcing robust password requirements.","descriptionStartLine":113,"queries":[{"lang":"sql+postgres","code":"select\n minimum_password_length,\n case minimum_password_length >= 14\n when true then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":115,"endLine":124},{"lang":"sql+sqlite","code":"select\n minimum_password_length,\n case when minimum_password_length >= 14\n then 'pass'\n else 'fail'\n end as status\nfrom\n alicloud_ram_password_policy;","startLine":126,"endLine":135}],"isExampleQuery":true},"example_list_system_policies":{"org":"turbot","tables":["alicloud.alicloud_ram_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_policy.md","folder":"RAM","title":"List system policies","titleLine":37,"name":"example_list_system_policies","id":"example_list_system_policies","description":"Determine the areas in which system policies are implemented for better understanding of the default versions and descriptions. This can aid in assessing the elements within your Alicloud RAM policy, offering insights into your system's security configuration.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n policy_name,\n policy_type,\n description,\n default_version,\n policy_document\nfrom\n alicloud_ram_policy\nwhere\n policy_type = 'System';","startLine":40,"endLine":51},{"lang":"sql+sqlite","code":"select\n policy_name,\n policy_type,\n description,\n default_version,\n policy_document\nfrom\n alicloud_ram_policy\nwhere\n policy_type = 'System';","startLine":53,"endLine":64}],"isExampleQuery":true},"example_list_custom_policies":{"org":"turbot","tables":["alicloud.alicloud_ram_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_policy.md","folder":"RAM","title":"List custom policies","titleLine":66,"name":"example_list_custom_policies","id":"example_list_custom_policies","description":"Explore which custom policies are in place within your system. This allows you to gain insights into the policy name, type, description, default version, and policy document, helping you better manage and understand your system's security measures.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n policy_name,\n policy_type,\n description,\n default_version,\n policy_document\nfrom\n alicloud_ram_policy\nwhere\n policy_type = 'Custom';","startLine":69,"endLine":80},{"lang":"sql+sqlite","code":"select\n policy_name,\n policy_type,\n description,\n default_version,\n policy_document\nfrom\n alicloud_ram_policy\nwhere\n policy_type = 'Custom';","startLine":82,"endLine":93}],"isExampleQuery":true},"example_list_policies_with_statements_granting_full_access":{"org":"turbot","tables":["alicloud.alicloud_ram_policy"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_policy.md","folder":"RAM","title":"List policies with statements granting full access","titleLine":95,"name":"example_list_policies_with_statements_granting_full_access","id":"example_list_policies_with_statements_granting_full_access","description":"Determine the areas in which policies are granting full access. This is useful for assessing potential security vulnerabilities and ensuring that access permissions align with your organization's security protocols.","descriptionStartLine":96,"queries":[{"lang":"sql+postgres","code":"select\n policy_name,\n policy_type,\n action,\n s ->> 'Effect' as effect\nfrom\n alicloud_ram_policy,\n jsonb_array_elements(policy_document_std -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Action') as action\nwhere\n action in ('*', '*:*')\n and s ->> 'Effect' = 'Allow';","startLine":98,"endLine":111},{"lang":"sql+sqlite","code":"select\n policy_name,\n policy_type,\n action.value as action,\n json_extract(s.value, '$.Effect') as effect\nfrom\n alicloud_ram_policy,\n json_each(policy_document_std, '$.Statement') as s,\n json_each(s.value, '$.Action') as action\nwhere\n action.value in ('*', '*:*')\n and json_extract(s.value, '$.Effect') = 'Allow';","startLine":113,"endLine":126}],"isExampleQuery":true},"example_list_the_policies_attached_to_the_roles":{"org":"turbot","tables":["alicloud.alicloud_ram_role"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_role.md","folder":"RAM","title":"List the policies attached to the roles","titleLine":12,"name":"example_list_the_policies_attached_to_the_roles","id":"example_list_the_policies_attached_to_the_roles","description":"This query is used to gain insights into the various policies attached to different roles within your Alicloud RAM. It allows you to assess the elements within each role's policy, such as the policy's name, type, default version, and attachment date, providing a comprehensive overview of your role-based access controls.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n policies ->> 'PolicyName' as policy_name,\n policies ->> 'PolicyType' as policy_type,\n policies ->> 'DefaultVersion' as policy_default_version,\n policies ->> 'AttachDate' as policy_attachment_date\nfrom\n alicloud_ram_role,\n jsonb_array_elements(attached_policy) as policies\norder by name;","startLine":15,"endLine":26},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(policies.value, '$.PolicyName') as policy_name,\n json_extract(policies.value, '$.PolicyType') as policy_type,\n json_extract(policies.value, '$.DefaultVersion') as policy_default_version,\n json_extract(policies.value, '$.AttachDate') as policy_attachment_date\nfrom\n alicloud_ram_role,\n json_each(attached_policy) as policies\norder by name;","startLine":28,"endLine":39}],"isExampleQuery":true},"example_find_all_roles_having_administrator_access":{"org":"turbot","tables":["alicloud.alicloud_ram_role"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_role.md","folder":"RAM","title":"Find all roles having Administrator access","titleLine":41,"name":"example_find_all_roles_having_administrator_access","id":"example_find_all_roles_having_administrator_access","description":"Discover the segments that have Administrator access within a system. This is particularly useful for auditing purposes, ensuring only the correct roles have such high-level permissions.","descriptionStartLine":42,"queries":[{"lang":"sql+postgres","code":"select\n name,\n policies ->> 'PolicyName' as policy_name\nfrom\n alicloud_ram_role,\n jsonb_array_elements(attached_policy) as policies\nwhere \n policies ->> 'PolicyName' = 'AdministratorAccess';","startLine":44,"endLine":53},{"lang":"sql+sqlite","code":"select\n name,\n json_extract(policies.value, '$.PolicyName') as policy_name\nfrom\n alicloud_ram_role,\n json_each(attached_policy) as policies\nwhere \n json_extract(policies.value, '$.PolicyName') = 'AdministratorAccess';","startLine":55,"endLine":64}],"isExampleQuery":true},"example_find_all_roles_grant_cross_account_access_in_the_trust_policy":{"org":"turbot","tables":["alicloud.alicloud_ram_role"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_role.md","folder":"RAM","title":"Find all roles grant cross-account access in the Trust Policy","titleLine":68,"name":"example_find_all_roles_grant_cross_account_access_in_the_trust_policy","id":"example_find_all_roles_grant_cross_account_access_in_the_trust_policy","description":"This query allows you to identify roles that have been granted access to other accounts within the Trust Policy, providing a way to review and manage cross-account permissions. This can be useful in maintaining security and control over data access across multiple accounts.","descriptionStartLine":69,"queries":[{"lang":"sql+postgres","code":"select\n name,\n principal,\n split_part(principal, ':', 4) as foreign_account\nfrom\n alicloud_ram_role,\n jsonb_array_elements(assume_role_policy_document -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Principal' -> 'RAM') as principal\nwhere \n split_part(principal, ':',4) <> account_id;","startLine":71,"endLine":82},{"lang":"sql+sqlite","code":"Error: SQLite does not support split or string_to_array functions.","startLine":84,"endLine":86}],"isExampleQuery":true},"example_basic_security_preference_info":{"org":"turbot","tables":["alicloud.alicloud_ram_security_preference"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_security_preference.md","folder":"RAM","title":"Basic security preference info","titleLine":13,"name":"example_basic_security_preference_info","id":"example_basic_security_preference_info","description":"This query is useful to gain insights into the different security preferences and their settings in Alicloud RAM. It helps in assessing whether users have the permissions to change passwords, manage access keys, MFA devices, public keys, and the duration of login sessions, thereby aiding in understanding the security posture of your Alicloud environment.","descriptionStartLine":14,"queries":[{"lang":"sql+postgres","code":"select\n allow_user_to_change_password,\n allow_user_to_manage_access_keys,\n allow_user_to_manage_mfa_devices,\n allow_user_to_manage_public_keys,\n enable_save_mfa_ticket,\n login_session_duration\nfrom\n alicloud_ram_security_preference;","startLine":16,"endLine":26},{"lang":"sql+sqlite","code":"select\n allow_user_to_change_password,\n allow_user_to_manage_access_keys,\n allow_user_to_manage_mfa_devices,\n allow_user_to_manage_public_keys,\n enable_save_mfa_ticket,\n login_session_duration\nfrom\n alicloud_ram_security_preference;","startLine":28,"endLine":38}],"isExampleQuery":true},"example_check_if_user_have_access_to_change_password":{"org":"turbot","tables":["alicloud.alicloud_ram_security_preference"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_security_preference.md","folder":"RAM","title":"Check if user have access to change password","titleLine":40,"name":"example_check_if_user_have_access_to_change_password","id":"example_check_if_user_have_access_to_change_password","description":"Explore which Alicloud users have the ability to change their passwords. This can be crucial for maintaining account security and ensuring users can manage their own credentials.","descriptionStartLine":41,"queries":[{"lang":"sql+postgres","code":"select\n allow_user_to_change_password\nfrom\n alicloud_ram_security_preference;","startLine":43,"endLine":48},{"lang":"sql+sqlite","code":"select\n allow_user_to_change_password\nfrom\n alicloud_ram_security_preference;","startLine":50,"endLine":55}],"isExampleQuery":true},"example_check_if_user_have_access_to_manage_public_access_key":{"org":"turbot","tables":["alicloud.alicloud_ram_security_preference"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_security_preference.md","folder":"RAM","title":"Check if user have access to manage public access key","titleLine":57,"name":"example_check_if_user_have_access_to_manage_public_access_key","id":"example_check_if_user_have_access_to_manage_public_access_key","description":"Determine if users have the necessary permissions to manage public access keys. This can help in maintaining security by ensuring only authorized individuals can handle sensitive keys.","descriptionStartLine":58,"queries":[{"lang":"sql+postgres","code":"select\n allow_user_to_manage_public_keys\nfrom\n alicloud_ram_security_preference;","startLine":60,"endLine":65},{"lang":"sql+sqlite","code":"select\n allow_user_to_manage_public_keys\nfrom\n alicloud_ram_security_preference;","startLine":67,"endLine":72}],"isExampleQuery":true},"example_get_the_log_on_session_duration_of_user":{"org":"turbot","tables":["alicloud.alicloud_ram_security_preference"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_security_preference.md","folder":"RAM","title":"Get the log on session duration of User","titleLine":74,"name":"example_get_the_log_on_session_duration_of_user","id":"example_get_the_log_on_session_duration_of_user","description":"Analyze the duration of user login sessions to understand their activity patterns and potential security risks.","descriptionStartLine":75,"queries":[{"lang":"sql+postgres","code":"select\n login_session_duration\nfrom\n alicloud_ram_security_preference;","startLine":77,"endLine":82},{"lang":"sql+sqlite","code":"select\n login_session_duration\nfrom\n alicloud_ram_security_preference;","startLine":84,"endLine":89}],"isExampleQuery":true},"example_basic_user_info":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"Basic user info","titleLine":12,"name":"example_basic_user_info","id":"example_basic_user_info","description":"Gain insights into the basic information of users within your Alicloud resource access management system. This is beneficial for managing user identities and controlling access to your resources.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n user_id,\n name,\n display_name\nfrom\n alicloud_ram_user;","startLine":15,"endLine":22},{"lang":"sql+sqlite","code":"select\n user_id,\n name,\n display_name\nfrom\n alicloud_ram_user;","startLine":24,"endLine":31}],"isExampleQuery":true},"example_users_who_have_not_logged_in_for_30_days":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"Users who have not logged in for 30 days","titleLine":33,"name":"example_users_who_have_not_logged_in_for_30_days","id":"example_users_who_have_not_logged_in_for_30_days","description":"Identify instances where users have been inactive for a month. This can be useful to monitor user engagement and potentially re-engage inactive users.","descriptionStartLine":34,"queries":[{"lang":"sql+postgres","code":"select\n name,\n last_login_date\nfrom\n alicloud_ram_user\nwhere\n last_login_date < current_date - interval '30 days';","startLine":36,"endLine":44},{"lang":"sql+sqlite","code":"select\n name,\n last_login_date\nfrom\n alicloud_ram_user\nwhere\n last_login_date < date('now','-30 day');","startLine":46,"endLine":54}],"isExampleQuery":true},"example_users_who_have_never_logged_in":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"Users who have never logged in","titleLine":56,"name":"example_users_who_have_never_logged_in","id":"example_users_who_have_never_logged_in","description":"Identify users who have yet to log in for the first time. This can be useful for understanding user engagement and identifying potentially inactive accounts.","descriptionStartLine":57,"queries":[{"lang":"sql+postgres","code":"select\n name,\n last_login_date\nfrom\n alicloud_ram_user\nwhere\n last_login_date is null;","startLine":59,"endLine":67},{"lang":"sql+sqlite","code":"select\n name,\n last_login_date\nfrom\n alicloud_ram_user\nwhere\n last_login_date is null;","startLine":69,"endLine":77}],"isExampleQuery":true},"example_groups_details_to_which_the_ram_user_belongs":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"Groups details to which the RAM user belongs","titleLine":79,"name":"example_groups_details_to_which_the_ram_user_belongs","id":"example_groups_details_to_which_the_ram_user_belongs","description":"This query is useful for identifying which groups a particular RAM user belongs to and when they joined those groups. This could be beneficial for managing user permissions and access within an Alicloud environment.","descriptionStartLine":80,"queries":[{"lang":"sql+postgres","code":"select\n name as user_name,\n iam_group ->> 'GroupName' as group_name,\n iam_group ->> 'JoinDate' as join_date\nfrom\n alicloud_ram_user,\n jsonb_array_elements(groups) as iam_group;","startLine":82,"endLine":90},{"lang":"sql+sqlite","code":"select\n name as user_name,\n json_extract(iam_group.value, '$.GroupName') as group_name,\n json_extract(iam_group.value, '$.JoinDate') as join_date\nfrom\n alicloud_ram_user,\n json_each(groups) as iam_group;","startLine":92,"endLine":100}],"isExampleQuery":true},"example_list_all_the_users_having_administrator_access":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"List all the users having Administrator access","titleLine":102,"name":"example_list_all_the_users_having_administrator_access","id":"example_list_all_the_users_having_administrator_access","description":"Determine the areas in which users have been granted administrative access. This is useful for auditing security and ensuring that only authorized individuals have high-level permissions.","descriptionStartLine":103,"queries":[{"lang":"sql+postgres","code":"select\n name as user_name,\n policies ->> 'PolicyName' as policy_name,\n policies ->> 'PolicyType' as policy_type,\n policies ->> 'DefaultVersion' as policy_default_version,\n policies ->> 'AttachDate' as policy_attachment_date\nfrom\n alicloud_ram_user,\n jsonb_array_elements(attached_policy) as policies\nwhere\n policies ->> 'PolicyName' = 'AdministratorAccess';","startLine":105,"endLine":117},{"lang":"sql+sqlite","code":"select\n name as user_name,\n json_extract(policies.value, '$.PolicyName') as policy_name,\n json_extract(policies.value, '$.PolicyType') as policy_type,\n json_extract(policies.value, '$.DefaultVersion') as policy_default_version,\n json_extract(policies.value, '$.AttachDate') as policy_attachment_date\nfrom\n alicloud_ram_user,\n json_each(attached_policy) as policies\nwhere\n json_extract(policies.value, '$.PolicyName') = 'AdministratorAccess';","startLine":119,"endLine":131}],"isExampleQuery":true},"example_list_all_the_users_for_whom_mfa_is_not_enabled":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"List all the users for whom MFA is not enabled","titleLine":133,"name":"example_list_all_the_users_for_whom_mfa_is_not_enabled","id":"example_list_all_the_users_for_whom_mfa_is_not_enabled","description":"Explore which users have not enabled multi-factor authentication, a crucial security feature, to identify potential vulnerabilities in your system. This can be particularly useful in prioritizing security improvements and ensuring compliance with best practices.","descriptionStartLine":134,"queries":[{"lang":"sql+postgres","code":"select\n name as user_name,\n user_id as user_id,\n mfa_enabled\nfrom\n alicloud_ram_user\nwhere\n not mfa_enabled;","startLine":136,"endLine":145},{"lang":"sql+sqlite","code":"select\n name as user_name,\n user_id as user_id,\n mfa_enabled\nfrom\n alicloud_ram_user\nwhere\n not mfa_enabled;","startLine":147,"endLine":156}],"isExampleQuery":true},"example_list_users_with_container_service_for_kubernetes_role_based_access_control_rbac_permissions":{"org":"turbot","tables":["alicloud.alicloud_ram_user"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_ram_user.md","folder":"RAM","title":"List users with Container Service for Kubernetes role-based access control (RBAC) permissions","titleLine":158,"name":"example_list_users_with_container_service_for_kubernetes_role_based_access_control_rbac_permissions","id":"example_list_users_with_container_service_for_kubernetes_role_based_access_control_rbac_permissions","description":"Discover the users who have been granted permissions for role-based access control in the Container Service for Kubernetes. This is particularly useful for managing user access and ensuring only authorized users have certain permissions.","descriptionStartLine":159,"queries":[{"lang":"sql+postgres","code":"select\n name as user_name,\n user_id as user_id\nfrom\n alicloud_ram_user\nwhere\n cs_user_permission <> '[]';","startLine":161,"endLine":169},{"lang":"sql+sqlite","code":"select\n name as user_name,\n user_id as user_id\nfrom\n alicloud_ram_user\nwhere\n cs_user_permission != '[]';","startLine":171,"endLine":179}],"isExampleQuery":true}},"rds":{"example_count_backup_by_instance":{"org":"turbot","tables":["alicloud.alicloud_rds_backup"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_backup.md","folder":"RDS","title":"Count backup by instance","titleLine":39,"name":"example_count_backup_by_instance","id":"example_count_backup_by_instance","description":"Assess the number of backups associated with each database instance. This can be useful for managing and monitoring data redundancy and recovery processes.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n count(backup_id) as backup_count\nfrom\n alicloud_rds_backup\ngroup by\n db_instance_id;","startLine":42,"endLine":50},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n count(backup_id) as backup_count\nfrom\n alicloud_rds_backup\ngroup by\n db_instance_id;","startLine":52,"endLine":60}],"isExampleQuery":true},"example_list_manual_backups":{"org":"turbot","tables":["alicloud.alicloud_rds_backup"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_backup.md","folder":"RDS","title":"List manual backups","titleLine":62,"name":"example_list_manual_backups","id":"example_list_manual_backups","description":"Explore which backups have been manually created in your database. This can be useful in understanding your backup strategy and ensuring that manual backups are being created as expected.","descriptionStartLine":63,"queries":[{"lang":"sql+postgres","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_mode,\n backup_size,\n backup_start_time\nfrom\n alicloud_rds_backup\nwhere\n backup_mode = 'Manual';","startLine":65,"endLine":77},{"lang":"sql+sqlite","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_mode,\n backup_size,\n backup_start_time\nfrom\n alicloud_rds_backup\nwhere\n backup_mode = 'Manual';","startLine":79,"endLine":91}],"isExampleQuery":true},"example_list_backups_of_type_incremental":{"org":"turbot","tables":["alicloud.alicloud_rds_backup"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_backup.md","folder":"RDS","title":"List backups of type incremental","titleLine":93,"name":"example_list_backups_of_type_incremental","id":"example_list_backups_of_type_incremental","description":"Explore which backups are incremental in nature, allowing you to focus on specific data recovery scenarios where only changes since the last backup are needed, thus saving time and resources.","descriptionStartLine":94,"queries":[{"lang":"sql+postgres","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time\nfrom\n alicloud_rds_backup\nwhere\n backup_type = 'IncrementalBackup';","startLine":96,"endLine":109},{"lang":"sql+sqlite","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time\nfrom\n alicloud_rds_backup\nwhere\n backup_type = 'IncrementalBackup';","startLine":111,"endLine":124}],"isExampleQuery":true},"example_list_backups_by_location":{"org":"turbot","tables":["alicloud.alicloud_rds_backup"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_backup.md","folder":"RDS","title":"List backups by location","titleLine":126,"name":"example_list_backups_by_location","id":"example_list_backups_by_location","description":"Explore which backups are stored in a specific location to better manage storage and retrieval processes.","descriptionStartLine":127,"queries":[{"lang":"sql+postgres","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time,\n backup_location\nfrom\n alicloud_rds_backup\nwhere\n backup_location = 'OSS';","startLine":129,"endLine":143},{"lang":"sql+sqlite","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time,\n backup_location\nfrom\n alicloud_rds_backup\nwhere\n backup_location = 'OSS';","startLine":145,"endLine":159}],"isExampleQuery":true},"example_list_backups_that_were_created_in_the_last_30_days":{"org":"turbot","tables":["alicloud.alicloud_rds_backup"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_backup.md","folder":"RDS","title":"List backups that were created in the last 30 days","titleLine":161,"name":"example_list_backups_that_were_created_in_the_last_30_days","id":"example_list_backups_that_were_created_in_the_last_30_days","description":"This query helps to monitor and manage data security by identifying recent database backups. It is particularly useful in ensuring regular backups are being created and stored correctly, which is crucial for data recovery in case of accidental loss or system failure.","descriptionStartLine":162,"queries":[{"lang":"sql+postgres","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time,\n backup_location\nfrom\n alicloud_rds_backup\nwhere\n backup_end_time >= now() - interval '30' day;","startLine":164,"endLine":178},{"lang":"sql+sqlite","code":"select\n backup_id,\n db_instance_id,\n backup_status,\n backup_type,\n backup_size,\n backup_start_time,\n backup_end_time,\n backup_location\nfrom\n alicloud_rds_backup\nwhere\n backup_end_time >= datetime('now', '-30 day');","startLine":180,"endLine":194}],"isExampleQuery":true},"example_count_databases_per_instance":{"org":"turbot","tables":["alicloud.alicloud_rds_database"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_database.md","folder":"RDS","title":"Count databases per instance","titleLine":35,"name":"example_count_databases_per_instance","id":"example_count_databases_per_instance","description":"Assess the number of databases within each instance to better understand your resource distribution and usage. This can be useful in managing your resources effectively and planning for capacity or scaling needs.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n count(\"db_name\") as database_count\nfrom\n alicloud_rds_database\ngroup by\n db_instance_id;","startLine":38,"endLine":46},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n count(\"db_name\") as database_count\nfrom\n alicloud_rds_database\ngroup by\n db_instance_id;","startLine":48,"endLine":56}],"isExampleQuery":true},"example_list_databases_of_engine_mysql":{"org":"turbot","tables":["alicloud.alicloud_rds_database"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_database.md","folder":"RDS","title":"List databases of engine MySQL","titleLine":58,"name":"example_list_databases_of_engine_mysql","id":"example_list_databases_of_engine_mysql","description":"Explore the status and instance IDs of your MySQL databases. This is useful for managing and tracking your MySQL databases across your Alicloud RDS service.","descriptionStartLine":59,"queries":[{"lang":"sql+postgres","code":"select\n db_name,\n db_instance_id,\n db_status,\n engine\nfrom\n alicloud_rds_database\nwhere\n engine = 'MySQL';","startLine":61,"endLine":71},{"lang":"sql+sqlite","code":"select\n db_name,\n db_instance_id,\n db_status,\n engine\nfrom\n alicloud_rds_database\nwhere\n engine = 'MySQL';","startLine":73,"endLine":83}],"isExampleQuery":true},"example_get_db_instance_details_of_each_database":{"org":"turbot","tables":["alicloud.alicloud_rds_database"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_database.md","folder":"RDS","title":"Get DB instance details of each database","titleLine":85,"name":"example_get_db_instance_details_of_each_database","id":"example_get_db_instance_details_of_each_database","description":"This example helps you discover the segments that include specific details about each database in your Alicloud RDS instances. It assists in gaining insights into the network type, creation time, and engine used, which can be beneficial for database management and optimization.","descriptionStartLine":86,"queries":[{"lang":"sql+postgres","code":"select\n d.db_name,\n d.db_instance_id,\n i.vpc_id,\n i.creation_time,\n i.engine,\n i.db_instance_net_type\nfrom\n alicloud_rds_database as d,\n alicloud_rds_instance as i\nwhere\n d.db_instance_id = i.db_instance_id;","startLine":88,"endLine":101},{"lang":"sql+sqlite","code":"select\n d.db_name,\n d.db_instance_id,\n i.vpc_id,\n i.creation_time,\n i.engine,\n i.db_instance_net_type\nfrom\n alicloud_rds_database as d,\n alicloud_rds_instance as i\nwhere\n d.db_instance_id = i.db_instance_id;","startLine":103,"endLine":116}],"isExampleQuery":true},"example_list_databases_that_are_not_running":{"org":"turbot","tables":["alicloud.alicloud_rds_database"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_database.md","folder":"RDS","title":"List databases that are not running","titleLine":118,"name":"example_list_databases_that_are_not_running","id":"example_list_databases_that_are_not_running","description":"Determine the areas in which certain databases are not operational. This is particularly useful for identifying potential issues and ensuring all databases are functioning as expected.","descriptionStartLine":119,"queries":[{"lang":"sql+postgres","code":"select\n db_name,\n db_instance_id,\n db_status\nfrom\n alicloud_rds_instance\nwhere\n db_status <> 'Running';","startLine":121,"endLine":130},{"lang":"sql+sqlite","code":"select\n db_name,\n db_instance_id,\n db_status\nfrom\n alicloud_rds_instance\nwhere\n db_status <> 'Running';","startLine":132,"endLine":141}],"isExampleQuery":true},"example_db_instance_count_in_each_region":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"DB instance count in each region","titleLine":37,"name":"example_db_instance_count_in_each_region","id":"example_db_instance_count_in_each_region","description":"Determine the distribution of database instances across different regions to better understand resource allocation and usage patterns.","descriptionStartLine":38,"queries":[{"lang":"sql+postgres","code":"select\n region_id as region,\n db_instance_class,\n count(*)\nfrom\n alicloud_rds_instance\ngroup by\n region_id,\n db_instance_class;","startLine":40,"endLine":50},{"lang":"sql+sqlite","code":"select\n region_id as region,\n db_instance_class,\n count(*)\nfrom\n alicloud_rds_instance\ngroup by\n region_id,\n db_instance_class;","startLine":52,"endLine":62}],"isExampleQuery":true},"example_list_db_instances_whose_engine_is_mysql":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"List DB instances whose engine is MySQL","titleLine":64,"name":"example_list_db_instances_whose_engine_is_mysql","id":"example_list_db_instances_whose_engine_is_mysql","description":"Explore which database instances are running on the MySQL engine. This can be useful for assessing your infrastructure's dependencies on this particular database engine.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine\nfrom\n alicloud_rds_instance\nwhere\n engine = 'MySQL';","startLine":67,"endLine":77},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine\nfrom\n alicloud_rds_instance\nwhere\n engine = 'MySQL';","startLine":79,"endLine":89}],"isExampleQuery":true},"example_list_db_instances_that_are_currently_running":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"List DB instances that are currently running","titleLine":91,"name":"example_list_db_instances_that_are_currently_running","id":"example_list_db_instances_that_are_currently_running","description":"Identify instances where your database is currently active. This is useful for monitoring system performance and ensuring resources are not being wasted on idle databases.","descriptionStartLine":92,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine\nfrom\n alicloud_rds_instance\nwhere\n db_instance_status = 'Running';","startLine":94,"endLine":104},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine\nfrom\n alicloud_rds_instance\nwhere\n db_instance_status = 'Running';","startLine":106,"endLine":116}],"isExampleQuery":true},"example_list_db_instances_that_allow_0_0_0_0_0":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"List DB instances that allow 0.0.0.0/0","titleLine":118,"name":"example_list_db_instances_that_allow_0_0_0_0_0","id":"example_list_db_instances_that_allow_0_0_0_0_0","description":"Determine the areas in which database instances are set to allow all IP addresses. This query is useful in identifying potential security risks, as allowing all IP addresses may expose your database to unwanted access.","descriptionStartLine":119,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n security_ips\nfrom\n alicloud_rds_instance\nwhere\n security_ips :: jsonb ? '0.0.0.0/0';","startLine":121,"endLine":129},{"lang":"sql+sqlite","code":"Error: SQLite does not support CIDR operations.","startLine":131,"endLine":133}],"isExampleQuery":true},"example_list_db_instances_with_ssl_encryption_disabled":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"List DB instances with SSL encryption disabled","titleLine":135,"name":"example_list_db_instances_with_ssl_encryption_disabled","id":"example_list_db_instances_with_ssl_encryption_disabled","description":"Identify instances where the SSL encryption is disabled on your database, allowing you to pinpoint potential security vulnerabilities and improve your database's protection against unauthorized access.","descriptionStartLine":136,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine,\n ssl_encryption\nfrom\n alicloud_rds_instance\nwhere\n ssl_status = 'Disabled';","startLine":138,"endLine":149},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine,\n ssl_encryption\nfrom\n alicloud_rds_instance\nwhere\n ssl_status = 'Disabled';","startLine":151,"endLine":162}],"isExampleQuery":true},"example_list_db_instances_with_tde_disabled":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"List DB instances with TDE disabled","titleLine":164,"name":"example_list_db_instances_with_tde_disabled","id":"example_list_db_instances_with_tde_disabled","description":"Identify instances where the Transparent Data Encryption (TDE) feature is disabled within your database instances. This can be useful for enhancing data security by pinpointing potential vulnerabilities and areas that need attention.","descriptionStartLine":165,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine,\n tde_status\nfrom\n alicloud_rds_instance\nwhere\n tde_status = 'Disabled';","startLine":167,"endLine":178},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n vpc_id,\n creation_time,\n engine,\n tde_status\nfrom\n alicloud_rds_instance\nwhere\n tde_status = 'Disabled';","startLine":180,"endLine":191}],"isExampleQuery":true},"example_get_security_group_configuration_details_for_instances":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"Get security group configuration details for instances","titleLine":193,"name":"example_get_security_group_configuration_details_for_instances","id":"example_get_security_group_configuration_details_for_instances","description":"Explore the security configurations of your database instances to understand their network types and geographical regions. This can help in assessing your security measures and ensuring they align with your organization's standards and requirements.","descriptionStartLine":194,"queries":[{"lang":"sql+postgres","code":"select\n i.db_instance_id,\n s ->> 'NetworkType' as network_type,\n s ->> 'RegionId' as security_group_region_id,\n s ->> 'SecurityGroupId' as security_group_id\nfrom\n alicloud_rds_instance as i,\n jsonb_array_elements(security_group_configuration) as s;","startLine":196,"endLine":205},{"lang":"sql+sqlite","code":"select\n i.db_instance_id,\n json_extract(s.value, '$.NetworkType') as network_type,\n json_extract(s.value, '$.RegionId') as security_group_region_id,\n json_extract(s.value, '$.SecurityGroupId') as security_group_id\nfrom\n alicloud_rds_instance as i,\n json_each(security_group_configuration) as s;","startLine":207,"endLine":216}],"isExampleQuery":true},"example_get_encryption_details_for_all_the_instances":{"org":"turbot","tables":["alicloud.alicloud_rds_instance"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance.md","folder":"RDS","title":"Get encryption details for all the instances","titleLine":218,"name":"example_get_encryption_details_for_all_the_instances","id":"example_get_encryption_details_for_all_the_instances","description":"Identify the encryption details for all instances to enhance your understanding of your database security. This is useful for auditing your security measures and ensuring necessary precautions are in place.","descriptionStartLine":219,"queries":[{"lang":"sql+postgres","code":"select\n i.arn as instance_arn,\n i.title as instance_name,\n encryption_key,\n k.title as kms_key_name \nfrom\n alicloud_rds_instance i \n left join\n alicloud_kms_key k \n on encryption_key = key_id;","startLine":221,"endLine":232},{"lang":"sql+sqlite","code":"select\n i.arn as instance_arn,\n i.title as instance_name,\n encryption_key,\n k.title as kms_key_name \nfrom\n alicloud_rds_instance i \n left join\n alicloud_kms_key k \n on encryption_key = k.key_id;","startLine":234,"endLine":245}],"isExampleQuery":true},"example_intervals_where_connection_exceed_1000_average":{"org":"turbot","tables":["alicloud.alicloud_rds_instance_metric_connections_daily"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance_metric_connections_daily.md","folder":"RDS","title":"Intervals where connection exceed 1000 average","titleLine":45,"name":"example_intervals_where_connection_exceed_1000_average","id":"example_intervals_where_connection_exceed_1000_average","description":"Discover the instances where the average number of connections exceeds 1000 in your Alicloud RDS, providing a detailed overview of database usage and potential performance issues.","descriptionStartLine":46,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n timestamp,\n round(minimum::numeric,2) as min_conn,\n round(maximum::numeric,2) as max_conn,\n round(average::numeric,2) as avg_conn\nfrom\n alicloud_rds_instance_metric_connections_daily\nwhere\n average > 1000\norder by\n db_instance_id,\n timestamp;","startLine":48,"endLine":62},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n timestamp,\n round(minimum,2) as min_conn,\n round(maximum,2) as max_conn,\n round(average,2) as avg_conn\nfrom\n alicloud_rds_instance_metric_connections_daily\nwhere\n average > 1000\norder by\n db_instance_id,\n timestamp;","startLine":64,"endLine":78}],"isExampleQuery":true},"example_cpu_over_80_average":{"org":"turbot","tables":["alicloud.alicloud_rds_instance_metric_cpu_utilization_hourly"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_rds_instance_metric_cpu_utilization_hourly.md","folder":"RDS","title":"CPU over 80% average","titleLine":45,"name":"example_cpu_over_80_average","id":"example_cpu_over_80_average","description":"Determine the areas in which database instances are experiencing high CPU utilization, specifically where the average CPU usage exceeds 80%. This can assist in identifying potential performance issues and optimizing resource allocation.","descriptionStartLine":46,"queries":[{"lang":"sql+postgres","code":"select\n db_instance_id,\n timestamp,\n round(minimum::numeric,2) as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2) as avg_cpu\nfrom\n alicloud_rds_instance_metric_cpu_utilization_hourly\nwhere\n average > 80\norder by\n db_instance_id,\n timestamp;","startLine":48,"endLine":62},{"lang":"sql+sqlite","code":"select\n db_instance_id,\n timestamp,\n round(minimum,2) as min_cpu,\n round(maximum,2) as max_cpu,\n round(average,2) as avg_cpu\nfrom\n alicloud_rds_instance_metric_cpu_utilization_hourly\nwhere\n average > 80\norder by\n db_instance_id,\n timestamp;","startLine":64,"endLine":78}],"isExampleQuery":true}},"security_center":{"example_ensure_that_security_center_is_advanced_or_enterprise_edition":{"org":"turbot","tables":["alicloud.alicloud_security_center_version"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_security_center_version.md","folder":"Security Center","title":"Ensure that Security Center is Advanced or Enterprise edition","titleLine":35,"name":"example_ensure_that_security_center_is_advanced_or_enterprise_edition","id":"example_ensure_that_security_center_is_advanced_or_enterprise_edition","description":"Discover the segments that are utilizing either the Advanced or Enterprise editions of the Security Center. This helps in understanding the deployment and usage of these premium editions across different regions, and whether they are trial versions or exceeding their balance.","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n version,\n is_trial_version,\n is_over_balance,\n region\nfrom\n alicloud_security_center_version\nwhere\nversion in ('2','3','5');","startLine":38,"endLine":48},{"lang":"sql+sqlite","code":"select\n version,\n is_trial_version,\n is_over_balance,\n region\nfrom\n alicloud_security_center_version\nwhere\nversion in ('2','3','5');","startLine":50,"endLine":60}],"isExampleQuery":true}},"slb":{"example_get_vpc_details_associated_with_slb_load_balancers":{"org":"turbot","tables":["alicloud.alicloud_slb_load_balancer"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_slb_load_balancer.md","folder":"SLB","title":"Get VPC details associated with SLB load balancers","titleLine":42,"name":"example_get_vpc_details_associated_with_slb_load_balancers","id":"example_get_vpc_details_associated_with_slb_load_balancers","description":"Determine the areas in which your SLB load balancers are associated with specific VPC details. This can help you gain insights into your load balancing configurations and how they interact with your virtual private cloud settings.","descriptionStartLine":43,"queries":[{"lang":"sql+postgres","code":"select\n s.load_balancer_name,\n s.load_balancer_id,\n s.vpc_id,\n v.is_default,\n v.cidr_block\nfrom\n alicloud_slb_load_balancer as s,\n alicloud_vpc as v;","startLine":45,"endLine":55},{"lang":"sql+sqlite","code":"select\n s.load_balancer_name,\n s.load_balancer_id,\n s.vpc_id,\n v.is_default,\n v.cidr_block\nfrom\n alicloud_slb_load_balancer as s,\n alicloud_vpc as v;","startLine":57,"endLine":67}],"isExampleQuery":true},"example_list_slb_load_balancers_that_have_deletion_protection_enabled":{"org":"turbot","tables":["alicloud.alicloud_slb_load_balancer"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_slb_load_balancer.md","folder":"SLB","title":"List SLB load balancers that have deletion protection enabled","titleLine":69,"name":"example_list_slb_load_balancers_that_have_deletion_protection_enabled","id":"example_list_slb_load_balancers_that_have_deletion_protection_enabled","description":"Identify the instances where load balancers have deletion protection enabled. This is useful in ensuring the prevention of accidental deletion of critical load balancers.","descriptionStartLine":70,"queries":[{"lang":"sql+postgres","code":"select\n load_balancer_name,\n load_balancer_id,\n load_balancer_status,\n delete_protection\nfrom\n alicloud_slb_load_balancer\nwhere\n delete_protection = 'on';","startLine":72,"endLine":82},{"lang":"sql+sqlite","code":"The query provided is already compatible with SQLite. It does not use any PostgreSQL-specific functions or data types that need to be converted. Therefore, the SQLite query is the same as the PostgreSQL query:\n\n```sql\nselect\n load_balancer_name,\n load_balancer_id,\n load_balancer_status,\n delete_protection\nfrom\n alicloud_slb_load_balancer\nwhere\n delete_protection = 'on';","startLine":84,"endLine":97},{"lang":null,"code":"\n### List SLB load balancers created in the last 30 days\nExplore which load balancers have been created in the past month. This can be useful in monitoring recent activity and ensuring proper load distribution across your network.\n\n```sql+postgres\nselect\n load_balancer_name,\n load_balancer_id,\n load_balancer_status\nfrom\n alicloud_slb_load_balancer\nwhere\n create_time >= now() - interval '30' day;","startLine":98,"endLine":112},{"lang":"sql+sqlite","code":"select\n load_balancer_name,\n load_balancer_id,\n load_balancer_status\nfrom\n alicloud_slb_load_balancer\nwhere\n create_time >= datetime('now', '-30 day');","startLine":114,"endLine":123}],"isExampleQuery":true}},"vpc":{"example_find_default_vpcs":{"org":"turbot","tables":["alicloud.alicloud_vpc"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc.md","folder":"VPC","title":"Find default VPCs","titleLine":12,"name":"example_find_default_vpcs","id":"example_find_default_vpcs","description":"Determine the areas in which default VPCs are being used across different accounts and regions. This can be useful for managing network accessibility and understanding the distribution of resources in a cloud environment.","descriptionStartLine":13,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpc_id,\n is_default,\n cidr_block,\n status,\n account_id,\n region\nfrom\n alicloud_vpc\nwhere\n is_default;","startLine":15,"endLine":28},{"lang":"sql+sqlite","code":"select\n name,\n vpc_id,\n is_default,\n cidr_block,\n status,\n account_id,\n region\nfrom\n alicloud_vpc\nwhere\n is_default;","startLine":30,"endLine":43}],"isExampleQuery":true},"example_show_cidr_details":{"org":"turbot","tables":["alicloud.alicloud_vpc"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc.md","folder":"VPC","title":"Show CIDR details","titleLine":45,"name":"example_show_cidr_details","id":"example_show_cidr_details","description":"Determine the characteristics of your network such as host address, broadcast address, netmask, and network address to better understand and manage your network infrastructure.","descriptionStartLine":46,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n cidr_block,\n host(cidr_block),\n broadcast(cidr_block),\n netmask(cidr_block),\n network(cidr_block)\nfrom\n alicloud_vpc;","startLine":48,"endLine":58},{"lang":"sql+sqlite","code":"Error: SQLite does not support CIDR operations.","startLine":60,"endLine":62}],"isExampleQuery":true},"example_list_vpcs_with_public_cidr_blocks":{"org":"turbot","tables":["alicloud.alicloud_vpc"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc.md","folder":"VPC","title":"List VPCs with public CIDR blocks","titleLine":64,"name":"example_list_vpcs_with_public_cidr_blocks","id":"example_list_vpcs_with_public_cidr_blocks","description":"Identify instances where your VPCs have CIDR blocks that are publicly accessible. This is useful for assessing potential security risks and ensuring that your network configurations align with best practices.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n cidr_block,\n status,\n region\nfrom\n alicloud_vpc\nwhere\n not cidr_block <<= '10.0.0.0/8'\n and not cidr_block <<= '192.168.0.0/16'\n and not cidr_block <<= '172.16.0.0/12';","startLine":67,"endLine":79},{"lang":"sql+sqlite","code":"Error: SQLite does not support CIDR operations.","startLine":81,"endLine":83}],"isExampleQuery":true},"example_get_the_vswitches_details_for_vpcs":{"org":"turbot","tables":["alicloud.alicloud_vpc"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc.md","folder":"VPC","title":"Get the VSwitches details for VPCs","titleLine":85,"name":"example_get_the_vswitches_details_for_vpcs","id":"example_get_the_vswitches_details_for_vpcs","description":"Explore the status and available IP addresses of virtual switches within specific virtual private clouds. This is useful for managing and optimizing network resources in a cloud environment.","descriptionStartLine":86,"queries":[{"lang":"sql+postgres","code":"select\n vpc.vpc_id,\n vswitch.vswitch_id,\n vswitch.cidr_block,\n vswitch.status,\n vswitch.available_ip_address_count,\n vswitch.zone_id\nfrom\n alicloud_vpc as vpc\n join alicloud_vpc_vswitch as vswitch on vpc.vpc_id = vswitch.vpc_id\norder by \n vpc.vpc_id;","startLine":88,"endLine":101},{"lang":"sql+sqlite","code":"select\n vpc.vpc_id,\n vswitch.vswitch_id,\n vswitch.cidr_block,\n vswitch.status,\n vswitch.available_ip_address_count,\n vswitch.zone_id\nfrom\n alicloud_vpc as vpc\n join alicloud_vpc_vswitch as vswitch on vpc.vpc_id = vswitch.vpc_id\norder by \n vpc.vpc_id;","startLine":103,"endLine":116}],"isExampleQuery":true},"example_list_vpcs_that_are_associated_with_dhcp_options_set":{"org":"turbot","tables":["alicloud.alicloud_vpc_dhcp_options_set"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_dhcp_options_set.md","folder":"VPC","title":"List VPCs that are associated with DHCP options set","titleLine":43,"name":"example_list_vpcs_that_are_associated_with_dhcp_options_set","id":"example_list_vpcs_that_are_associated_with_dhcp_options_set","description":"Identify the VPCs that are linked with specific DHCP options sets. This is useful in managing network configurations and ensuring proper communication between devices within your virtual private cloud.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n name,\n dhcp_options_set_id,\n vpc ->> \"VpcId\" as vpc_id\nfrom\n alicloud_vpc_dhcp_options_set,\n jsonb_array_elements(associate_vpcs) as vpc;","startLine":46,"endLine":54},{"lang":"sql+sqlite","code":"select\n name,\n dhcp_options_set_id,\n json_extract(vpc.value, '$.VpcId') as vpc_id\nfrom\n alicloud_vpc_dhcp_options_set,\n json_each(associate_vpcs) as vpc;","startLine":56,"endLine":64}],"isExampleQuery":true},"example_count_the_number_of_vpcs_associated_with_dhcp_options_set":{"org":"turbot","tables":["alicloud.alicloud_vpc_dhcp_options_set"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_dhcp_options_set.md","folder":"VPC","title":"Count the number of VPCs associated with DHCP options set","titleLine":66,"name":"example_count_the_number_of_vpcs_associated_with_dhcp_options_set","id":"example_count_the_number_of_vpcs_associated_with_dhcp_options_set","description":"Determine the quantity of virtual private clouds (VPCs) linked with a Dynamic Host Configuration Protocol (DHCP) options set. This can be useful when assessing the extent of network configurations within your system.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n name,\n dhcp_options_set_id,\n associate_vpc_count\nfrom\n alicloud_vpc_dhcp_options_set;","startLine":69,"endLine":76},{"lang":"sql+sqlite","code":"select\n name,\n dhcp_options_set_id,\n associate_vpc_count\nfrom\n alicloud_vpc_dhcp_options_set;","startLine":78,"endLine":85}],"isExampleQuery":true},"example_list_dhcp_option_sets_that_are_in_use":{"org":"turbot","tables":["alicloud.alicloud_vpc_dhcp_options_set"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_dhcp_options_set.md","folder":"VPC","title":"List DHCP option sets that are in use","titleLine":87,"name":"example_list_dhcp_option_sets_that_are_in_use","id":"example_list_dhcp_option_sets_that_are_in_use","description":"Identify the DHCP option sets that are currently in use. This can help assess network settings and ensure they are configured correctly.","descriptionStartLine":88,"queries":[{"lang":"sql+postgres","code":"select\n name,\n nat_gateway_id,\n status\nfrom\n alicloud_vpc_dhcp_options_set\nwhere\n status = 'InUse';","startLine":90,"endLine":99},{"lang":"sql+sqlite","code":"select\n name,\n nat_gateway_id,\n status\nfrom\n alicloud_vpc_dhcp_options_set\nwhere\n status = 'InUse';","startLine":101,"endLine":110}],"isExampleQuery":true},"example_get_the_info_of_instance_bound_to_eip":{"org":"turbot","tables":["alicloud.alicloud_vpc_eip"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_eip.md","folder":"VPC","title":"Get the info of instance bound to eip","titleLine":42,"name":"example_get_the_info_of_instance_bound_to_eip","id":"example_get_the_info_of_instance_bound_to_eip","description":"Discover the segments that are linked to a specific Elastic IP in order to understand its allocation, the type of instance it's attached to, and its regional location. This is useful for managing resources and bandwidth within your network infrastructure.","descriptionStartLine":43,"queries":[{"lang":"sql+postgres","code":"select\n name,\n allocation_id,\n instance_type,\n instance_id,\n instance_region_id,\n bandwidth\nfrom\n alicloud_vpc_eip;","startLine":45,"endLine":55},{"lang":"sql+sqlite","code":"select\n name,\n allocation_id,\n instance_type,\n instance_id,\n instance_region_id,\n bandwidth\nfrom\n alicloud_vpc_eip;","startLine":57,"endLine":67}],"isExampleQuery":true},"example_list_all_the_available_eips":{"org":"turbot","tables":["alicloud.alicloud_vpc_eip"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_eip.md","folder":"VPC","title":"List all the available eips","titleLine":70,"name":"example_list_all_the_available_eips","id":"example_list_all_the_available_eips","description":"Determine the areas in which Elastic IP addresses are available for use. This is useful for identifying potential resources in your Alicloud Virtual Private Cloud that are not currently being utilized.","descriptionStartLine":71,"queries":[{"lang":"sql+postgres","code":"select\n name,\n allocation_id,\n instance_type,\n status\nfrom\n alicloud_vpc_eip\nwhere\n status = 'Available';","startLine":73,"endLine":83},{"lang":"sql+sqlite","code":"select\n name,\n allocation_id,\n instance_type,\n status\nfrom\n alicloud_vpc_eip\nwhere\n status = 'Available';","startLine":85,"endLine":95}],"isExampleQuery":true},"example_get_the_eips_where_hd_monitoring_is_off":{"org":"turbot","tables":["alicloud.alicloud_vpc_eip"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_eip.md","folder":"VPC","title":"Get the eips where hd monitoring is off","titleLine":98,"name":"example_get_the_eips_where_hd_monitoring_is_off","id":"example_get_the_eips_where_hd_monitoring_is_off","description":"Identify instances where HD monitoring is turned off for Elastic IP addresses within your Alicloud Virtual Private Cloud. This can be crucial for optimizing your network performance and security measures.","descriptionStartLine":99,"queries":[{"lang":"sql+postgres","code":"select\n name,\n allocation_id,\n hd_monitor_status\nfrom\n alicloud_vpc_eip\nwhere\n hd_monitor_status = 'OFF';","startLine":101,"endLine":110},{"lang":"sql+sqlite","code":"select\n name,\n allocation_id,\n hd_monitor_status\nfrom\n alicloud_vpc_eip\nwhere\n hd_monitor_status = 'OFF';","startLine":112,"endLine":121}],"isExampleQuery":true},"example_list_flow_logs_that_are_inactive":{"org":"turbot","tables":["alicloud.alicloud_vpc_flow_log"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_flow_log.md","folder":"VPC","title":"List flow logs that are inactive","titleLine":43,"name":"example_list_flow_logs_that_are_inactive","id":"example_list_flow_logs_that_are_inactive","description":"Identify instances where flow logs are inactive in your Alicloud VPC. This can be useful for optimizing resource usage and ensuring that all active flow logs are necessary and functional.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n status\nfrom\n alicloud_vpc_flow_log\nwhere\n status = 'Inactive';","startLine":46,"endLine":57},{"lang":"sql+sqlite","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n status\nfrom\n alicloud_vpc_flow_log\nwhere\n status = 'Inactive';","startLine":59,"endLine":70}],"isExampleQuery":true},"example_list_flow_logs_by_resource_type":{"org":"turbot","tables":["alicloud.alicloud_vpc_flow_log"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_flow_log.md","folder":"VPC","title":"List flow logs by resource type","titleLine":72,"name":"example_list_flow_logs_by_resource_type","id":"example_list_flow_logs_by_resource_type","description":"Explore which flow logs have been created for a specific type of resource. This can be particularly useful for managing and troubleshooting network traffic within your Virtual Private Cloud (VPC), allowing you to identify potential issues or inefficiencies.","descriptionStartLine":73,"queries":[{"lang":"sql+postgres","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n project_name,\n log_store_name\nfrom\n alicloud_vpc_flow_log\nwhere\n resource_type = 'VPC';","startLine":75,"endLine":87},{"lang":"sql+sqlite","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n project_name,\n log_store_name\nfrom\n alicloud_vpc_flow_log\nwhere\n resource_type = 'VPC';","startLine":89,"endLine":101}],"isExampleQuery":true},"example_list_flow_logs_created_in_the_last_30_days":{"org":"turbot","tables":["alicloud.alicloud_vpc_flow_log"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_flow_log.md","folder":"VPC","title":"List flow logs created in the last 30 days","titleLine":103,"name":"example_list_flow_logs_created_in_the_last_30_days","id":"example_list_flow_logs_created_in_the_last_30_days","description":"Analyze the flow logs to understand the recent activities in your Virtual Private Cloud (VPC). This is particularly useful for identifying any unusual network traffic patterns or potential security issues that have arisen in the past month.","descriptionStartLine":104,"queries":[{"lang":"sql+postgres","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n project_name,\n log_store_name\nfrom\n alicloud_vpc_flow_log\nwhere\n creation_time >= now() - interval '30' day;","startLine":106,"endLine":118},{"lang":"sql+sqlite","code":"select\n name,\n flow_log_id,\n creation_time,\n resource_type,\n project_name,\n log_store_name\nfrom\n alicloud_vpc_flow_log\nwhere\n creation_time >= datetime('now', '-30 day');","startLine":120,"endLine":132}],"isExampleQuery":true},"example_list_ip_address_details_for_nat_gateways":{"org":"turbot","tables":["alicloud.alicloud_vpc_nat_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_nat_gateway.md","folder":"VPC","title":"List IP address details for NAT gateways","titleLine":43,"name":"example_list_ip_address_details_for_nat_gateways","id":"example_list_ip_address_details_for_nat_gateways","description":"Determine the details of IP addresses associated with Network Address Translation (NAT) gateways to manage and monitor your network's internet connectivity and security.","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n nat_gateway_id,\n address ->> 'IpAddress' as ip_address,\n address ->> 'AllocationId' as allocation_id\nfrom\n alicloud_vpc_nat_gateway,\n jsonb_array_elements(ip_lists) as address;","startLine":46,"endLine":54},{"lang":"sql+sqlite","code":"select\n nat_gateway_id,\n json_extract(address.value, '$.IpAddress') as ip_address,\n json_extract(address.value, '$.AllocationId') as allocation_id\nfrom\n alicloud_vpc_nat_gateway,\n json_each(ip_lists) as address;","startLine":56,"endLine":64}],"isExampleQuery":true},"example_list_private_network_info_for_nat_gateways":{"org":"turbot","tables":["alicloud.alicloud_vpc_nat_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_nat_gateway.md","folder":"VPC","title":"List private network info for NAT gateways","titleLine":66,"name":"example_list_private_network_info_for_nat_gateways","id":"example_list_private_network_info_for_nat_gateways","description":"Discover the segments that provide private network details for NAT gateways. This query can be used to assess the elements within your network infrastructure and optimize resource allocation based on bandwidth usage and zone distribution.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n name,\n nat_gateway_id,\n nat_gateway_private_info ->> 'EniInstanceId' as eni_instance_id,\n nat_gateway_private_info ->> 'IzNo' as nat_gateway_zone_id,\n nat_gateway_private_info ->> 'MaxBandwidth' as max_bandwidth,\n nat_gateway_private_info ->> 'PrivateIpAddress' as private_ip_address,\n nat_gateway_private_info ->> 'VswitchId' as vswitch_id\nfrom\n alicloud_vpc_nat_gateway;","startLine":69,"endLine":80},{"lang":"sql+sqlite","code":"select\n name,\n nat_gateway_id,\n json_extract(nat_gateway_private_info, '$.EniInstanceId') as eni_instance_id,\n json_extract(nat_gateway_private_info, '$.IzNo') as nat_gateway_zone_id,\n json_extract(nat_gateway_private_info, '$.MaxBandwidth') as max_bandwidth,\n json_extract(nat_gateway_private_info, '$.PrivateIpAddress') as private_ip_address,\n json_extract(nat_gateway_private_info, '$.VswitchId') as vswitch_id\nfrom\n alicloud_vpc_nat_gateway;","startLine":82,"endLine":93}],"isExampleQuery":true},"example_list_nat_gateways_that_have_traffic_monitoring_disabled":{"org":"turbot","tables":["alicloud.alicloud_vpc_nat_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_nat_gateway.md","folder":"VPC","title":"List NAT gateways that have traffic monitoring disabled","titleLine":95,"name":"example_list_nat_gateways_that_have_traffic_monitoring_disabled","id":"example_list_nat_gateways_that_have_traffic_monitoring_disabled","description":"Identify instances where NAT gateways do not have traffic monitoring enabled. This can be useful in ensuring all gateways are properly configured for optimal security and performance.","descriptionStartLine":96,"queries":[{"lang":"sql+postgres","code":"select\n name,\n nat_gateway_id,\n ecs_metric_enabled\nfrom\n alicloud_vpc_nat_gateway\nwhere\n not ecs_metric_enabled;","startLine":98,"endLine":107},{"lang":"sql+sqlite","code":"select\n name,\n nat_gateway_id,\n ecs_metric_enabled\nfrom\n alicloud_vpc_nat_gateway\nwhere\n not ecs_metric_enabled;","startLine":109,"endLine":118}],"isExampleQuery":true},"example_list_nat_gateways_that_have_deletion_protection_disabled":{"org":"turbot","tables":["alicloud.alicloud_vpc_nat_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_nat_gateway.md","folder":"VPC","title":"List NAT gateways that have deletion protection disabled","titleLine":120,"name":"example_list_nat_gateways_that_have_deletion_protection_disabled","id":"example_list_nat_gateways_that_have_deletion_protection_disabled","description":"Determine the areas in which NAT gateways lack deletion protection to enhance your network's security and prevent accidental data loss.","descriptionStartLine":121,"queries":[{"lang":"sql+postgres","code":"select\n name,\n nat_gateway_id,\n deletion_protection\nfrom\n alicloud_vpc_nat_gateway\nwhere\n not deletion_protection;","startLine":123,"endLine":132},{"lang":"sql+sqlite","code":"select\n name,\n nat_gateway_id,\n deletion_protection\nfrom\n alicloud_vpc_nat_gateway\nwhere\n deletion_protection = 0;","startLine":134,"endLine":143}],"isExampleQuery":true},"example_count_of_nat_gateways_per_vpc_id":{"org":"turbot","tables":["alicloud.alicloud_vpc_nat_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_nat_gateway.md","folder":"VPC","title":"Count of NAT gateways per VPC ID","titleLine":145,"name":"example_count_of_nat_gateways_per_vpc_id","id":"example_count_of_nat_gateways_per_vpc_id","description":"Assess the elements within your Alicloud Virtual Private Cloud (VPC) to understand the distribution of Network Address Translation (NAT) gateways. This allows for effective resource allocation and network planning.","descriptionStartLine":146,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n count(*) as nat_gateway_count\nfrom\n alicloud_vpc_nat_gateway\ngroup by\n vpc_id;","startLine":148,"endLine":156},{"lang":"sql+sqlite","code":"select\n vpc_id,\n count(*) as nat_gateway_count\nfrom\n alicloud_vpc_nat_gateway\ngroup by\n vpc_id;","startLine":158,"endLine":166}],"isExampleQuery":true},"example_list_the_vswitches_associated_with_each_network_acl":{"org":"turbot","tables":["alicloud.alicloud_vpc_network_acl"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_network_acl.md","folder":"VPC","title":"List the VSwitches associated with each network ACL","titleLine":39,"name":"example_list_the_vswitches_associated_with_each_network_acl","id":"example_list_the_vswitches_associated_with_each_network_acl","description":"Determine the associations between network access control lists (ACLs) and virtual switches in your network. This query is useful for assessing network security and understanding connection statuses within your virtual private cloud (VPC).","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n network_acl_id,\n vpc_id,\n association ->> 'ResourceId' as vswitch_id,\n association ->> 'Status' as association_status\nfrom\n alicloud_vpc_network_acl,\n jsonb_array_elements(resources) as association\nwhere\n association ->> 'ResourceType' = 'VSwitch';","startLine":42,"endLine":53},{"lang":"sql+sqlite","code":"select\n network_acl_id,\n vpc_id,\n json_extract(association.value, '$.ResourceId') as vswitch_id,\n json_extract(association.value, '$.Status') as association_status\nfrom\n alicloud_vpc_network_acl,\n json_each(resources) as association\nwhere\n json_extract(association.value, '$.ResourceType') = 'VSwitch';","startLine":55,"endLine":66}],"isExampleQuery":true},"example_get_inbound_rule_info_for_each_network_acl":{"org":"turbot","tables":["alicloud.alicloud_vpc_network_acl"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_network_acl.md","folder":"VPC","title":"Get inbound rule info for each network ACL","titleLine":68,"name":"example_get_inbound_rule_info_for_each_network_acl","id":"example_get_inbound_rule_info_for_each_network_acl","description":"Explore the details of inbound rules for each network access control list (ACL), allowing you to understand the security settings and policies applied to your virtual private cloud (VPC). This can be useful in identifying potential security vulnerabilities or for auditing purposes.","descriptionStartLine":69,"queries":[{"lang":"sql+postgres","code":"select\n name,\n network_acl_id,\n vpc_id,\n i ->> 'NetworkAclEntryId' as network_acl_entry_id,\n i ->> 'NetworkAclEntryName' as network_acl_entry_name,\n i ->> 'Description' as description,\n i ->> 'EntryType' as entry_type,\n i ->> 'Policy' as policy,\n i ->> 'Port' as port,\n i ->> 'Protocol' as protocol,\n i ->> 'SourceCidrIp' as source_cidr_ip\nfrom\n alicloud_vpc_network_acl,\n jsonb_array_elements(ingress_acl_entries) as i;","startLine":71,"endLine":87},{"lang":"sql+sqlite","code":"select\n name,\n network_acl_id,\n vpc_id,\n json_extract(i.value, '$.NetworkAclEntryId') as network_acl_entry_id,\n json_extract(i.value, '$.NetworkAclEntryName') as network_acl_entry_name,\n json_extract(i.value, '$.Description') as description,\n json_extract(i.value, '$.EntryType') as entry_type,\n json_extract(i.value, '$.Policy') as policy,\n json_extract(i.value, '$.Port') as port,\n json_extract(i.value, '$.Protocol') as protocol,\n json_extract(i.value, '$.SourceCidrIp') as source_cidr_ip\nfrom\n alicloud_vpc_network_acl,\n json_each(ingress_acl_entries) as i;","startLine":89,"endLine":105}],"isExampleQuery":true},"example_get_outbound_rule_info_for_each_network_acl":{"org":"turbot","tables":["alicloud.alicloud_vpc_network_acl"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_network_acl.md","folder":"VPC","title":"Get outbound rule info for each network ACL","titleLine":107,"name":"example_get_outbound_rule_info_for_each_network_acl","id":"example_get_outbound_rule_info_for_each_network_acl","description":"Explore the outbound rules for each network access control list (ACL) to understand the restrictions placed on outgoing network traffic. This is crucial for maintaining network security by controlling which traffic is allowed to leave your network.","descriptionStartLine":108,"queries":[{"lang":"sql+postgres","code":"select\n name,\n network_acl_id,\n vpc_id,\n i ->> 'NetworkAclEntryId' as network_acl_entry_id,\n i ->> 'NetworkAclEntryName' as network_acl_entry_name,\n i ->> 'Description' as description,\n i ->> 'EntryType' as entry_type,\n i ->> 'Policy' as policy,\n i ->> 'Port' as port,\n i ->> 'Protocol' as protocol,\n i ->> 'DestinationCidrIp' as destination_cidr_ip\nfrom\n alicloud_vpc_network_acl,\n jsonb_array_elements(egress_acl_entries) as i;","startLine":110,"endLine":126},{"lang":"sql+sqlite","code":"select\n name,\n network_acl_id,\n vpc_id,\n json_extract(i.value, '$.NetworkAclEntryId') as network_acl_entry_id,\n json_extract(i.value, '$.NetworkAclEntryName') as network_acl_entry_name,\n json_extract(i.value, '$.Description') as description,\n json_extract(i.value, '$.EntryType') as entry_type,\n json_extract(i.value, '$.Policy') as policy,\n json_extract(i.value, '$.Port') as port,\n json_extract(i.value, '$.Protocol') as protocol,\n json_extract(i.value, '$.DestinationCidrIp') as destination_cidr_ip\nfrom\n alicloud_vpc_network_acl,\n json_each(egress_acl_entries) as i;","startLine":128,"endLine":144}],"isExampleQuery":true},"example_list_custom_route_entries":{"org":"turbot","tables":["alicloud.alicloud_vpc_route_entry"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_route_entry.md","folder":"VPC","title":"List custom route entries","titleLine":43,"name":"example_list_custom_route_entries","id":"example_list_custom_route_entries","description":"Explore custom route entries to understand their configuration and status. This can be useful for managing network traffic and ensuring optimal routing within your Alicloud Virtual Private Cloud (VPC).","descriptionStartLine":44,"queries":[{"lang":"sql+postgres","code":"select\n name,\n route_table_id,\n description,\n instance_id,\n route_entry_id,\n destination_cidr_block,\n type,\n status\nfrom\n alicloud_vpc_route_entry\nwhere\n type = 'Custom';","startLine":46,"endLine":60},{"lang":"sql+sqlite","code":"select\n name,\n route_table_id,\n description,\n instance_id,\n route_entry_id,\n destination_cidr_block,\n type,\n status\nfrom\n alicloud_vpc_route_entry\nwhere\n type = 'Custom';","startLine":62,"endLine":76}],"isExampleQuery":true},"example_list_route_entries_that_have_a_next_hop_type_of_vpn_gateway":{"org":"turbot","tables":["alicloud.alicloud_vpc_route_entry"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_route_entry.md","folder":"VPC","title":"List route entries that have a next hop type of VPN gateway","titleLine":78,"name":"example_list_route_entries_that_have_a_next_hop_type_of_vpn_gateway","id":"example_list_route_entries_that_have_a_next_hop_type_of_vpn_gateway","description":"Determine the areas in which your network's route entries are directed towards a VPN gateway. This is useful for assessing your network's connectivity and identifying potential security concerns.","descriptionStartLine":79,"queries":[{"lang":"sql+postgres","code":"select\n name,\n route_table_id,\n description,\n route_entry_id,\n destination_cidr_block,\n type,\n status\nfrom\n alicloud_vpc_route_entry,\n jsonb_array_elements(next_hops) as next_hop\nwhere\n next_hop ->> 'NextHopType' = 'VpnGateway';","startLine":81,"endLine":95},{"lang":"sql+sqlite","code":"select\n name,\n route_table_id,\n description,\n route_entry_id,\n destination_cidr_block,\n type,\n status\nfrom\n alicloud_vpc_route_entry,\n json_each(next_hops) as next_hop\nwhere\n json_extract(next_hop.value, '$.NextHopType') = 'VpnGateway';","startLine":97,"endLine":111}],"isExampleQuery":true},"example_get_vpc_and_vswitch_attachment_info_for_each_route_table":{"org":"turbot","tables":["alicloud.alicloud_vpc_route_table"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_route_table.md","folder":"VPC","title":"Get VPC and VSwitch attachment info for each route table","titleLine":39,"name":"example_get_vpc_and_vswitch_attachment_info_for_each_route_table","id":"example_get_vpc_and_vswitch_attachment_info_for_each_route_table","description":"Explore the relationships between your virtual private cloud (VPC) and virtual switch (VSwitch) by understanding their attachment details for each route table. This can be particularly useful in managing network routing and ensuring efficient data traffic within your cloud environment.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n name,\n route_table_id,\n vpc_id,\n jsonb_array_elements_text(vswitch_ids)\nfrom\n alicloud_vpc_route_table;","startLine":42,"endLine":50},{"lang":"sql+sqlite","code":"select\n name,\n route_table_id,\n vpc_id,\n json_each.value\nfrom\n alicloud_vpc_route_table,\n json_each(vswitch_ids);","startLine":52,"endLine":61}],"isExampleQuery":true},"example_routing_details_for_each_route_table":{"org":"turbot","tables":["alicloud.alicloud_vpc_route_table"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_route_table.md","folder":"VPC","title":"Routing details for each route table","titleLine":63,"name":"example_routing_details_for_each_route_table","id":"example_routing_details_for_each_route_table","description":"Explore the intricate details of your network routing configurations. This query can help you understand how data is being directed across your network, which can be critical for troubleshooting connectivity issues or optimizing network performance.","descriptionStartLine":64,"queries":[{"lang":"sql+postgres","code":"select\n route_table_id,\n route_detail ->> 'Description' as description,\n route_detail ->> 'DestinationCidrBlock' as destination_CIDR_block,\n route_detail ->> 'InstanceId' as instance_id,\n route_detail ->> 'IpVersion' as ip_version,\n route_detail ->> 'NextHopOppsiteInstanceId' as next_hop_oppsite_instance_id,\n route_detail ->> 'NextHopOppsiteRegionId' as next_hop_oppsite_region_id,\n route_detail ->> 'NextHopOppsiteType' as next_hop_oppsite_type,\n route_detail ->> 'NextHopRegionId' as next_hop_region_id,\n route_detail ->> 'NextHopType' as next_hop_type,\n route_detail ->> 'RouteEntryId' as route_entry_id,\n route_detail ->> 'RouteEntryName' as route_entry_name,\n route_detail ->> 'RouteTableId' as route_table_id,\n route_detail ->> 'Status' as status\nfrom\n alicloud_vpc_route_table,\n jsonb_array_elements(route_entries) as route_detail;","startLine":66,"endLine":85},{"lang":"sql+sqlite","code":"$5f","startLine":87,"endLine":106}],"isExampleQuery":true},"example_list_route_tables_without_application_tag_key":{"org":"turbot","tables":["alicloud.alicloud_vpc_route_table"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_route_table.md","folder":"VPC","title":"List route tables without application tag key","titleLine":108,"name":"example_list_route_tables_without_application_tag_key","id":"example_list_route_tables_without_application_tag_key","description":"Determine the areas in which route tables lack an application tag key. This can be useful for identifying potential gaps in your tagging strategy, ensuring that all resources are correctly tagged for better management and organization.","descriptionStartLine":109,"queries":[{"lang":"sql+postgres","code":"select\n name,\n route_table_id\nfrom\n alicloud_vpc_route_table\nwhere\n not tags :: JSONB ? 'application';","startLine":111,"endLine":119},{"lang":"sql+sqlite","code":"select\n name,\n route_table_id\nfrom\n alicloud_vpc_route_table\nwhere\n json_extract(tags, '$.application') is null;","startLine":121,"endLine":129}],"isExampleQuery":true},"example_list_of_expired_certificates":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_client_cert"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_client_cert.md","folder":"VPC","title":"List of expired certificates","titleLine":33,"name":"example_list_of_expired_certificates","id":"example_list_of_expired_certificates","description":"Identify instances where SSL VPN client certificates have expired in your AliCloud VPC environment. This query is useful for maintaining security standards and for timely renewal of certificates.","descriptionStartLine":34,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_client_cert_id,\n status\nfrom\n alicloud_vpc_ssl_vpn_client_cert\nwhere\n status = 'expired';","startLine":36,"endLine":45},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_client_cert_id,\n status\nfrom\n alicloud_vpc_ssl_vpn_client_cert\nwhere\n status = 'expired';","startLine":47,"endLine":56}],"isExampleQuery":true},"example_list_of_certificates_that_will_expire_in_one_week":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_client_cert"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_client_cert.md","folder":"VPC","title":"List of certificates that will expire in one week","titleLine":58,"name":"example_list_of_certificates_that_will_expire_in_one_week","id":"example_list_of_certificates_that_will_expire_in_one_week","description":"Identify instances where SSL VPN client certificates are nearing their expiration date. This is useful for ensuring timely renewal and maintaining uninterrupted VPN service.","descriptionStartLine":59,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_client_cert_id,\n status\nfrom\n alicloud_vpc_ssl_vpn_client_cert\nwhere\n status = 'expiring-soon';","startLine":61,"endLine":70},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_client_cert_id,\n status\nfrom\n alicloud_vpc_ssl_vpn_client_cert\nwhere\n status = 'expiring-soon';","startLine":72,"endLine":81}],"isExampleQuery":true},"example_certificate_count_by_ssl_server":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_client_cert"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_client_cert.md","folder":"VPC","title":"Certificate count by SSL server","titleLine":83,"name":"example_certificate_count_by_ssl_server","id":"example_certificate_count_by_ssl_server","description":"Determine the number of certificates associated with each SSL server to monitor your network's security. This can help in managing certificate distribution and identifying servers with unusually high or low certificate counts.","descriptionStartLine":84,"queries":[{"lang":"sql+postgres","code":"select\n ssl_vpn_server_id,\n count (ssl_vpn_client_cert_id) as certificate_count\nfrom\n alicloud_vpc_ssl_vpn_client_cert\ngroup by\n ssl_vpn_server_id;","startLine":86,"endLine":94},{"lang":"sql+sqlite","code":"select\n ssl_vpn_server_id,\n count (ssl_vpn_client_cert_id) as certificate_count\nfrom\n alicloud_vpc_ssl_vpn_client_cert\ngroup by\n ssl_vpn_server_id;","startLine":96,"endLine":104}],"isExampleQuery":true},"example_get_the_ssl_vpn_servers_that_do_not_compress_the_transmitted_data":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"Get the SSL VPN servers that do not compress the transmitted data","titleLine":39,"name":"example_get_the_ssl_vpn_servers_that_do_not_compress_the_transmitted_data","id":"example_get_the_ssl_vpn_servers_that_do_not_compress_the_transmitted_data","description":"Explore which SSL VPN servers are not compressing transmitted data, enabling you to identify potential areas for bandwidth optimization and improved performance.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_server_id,\n is_compressed\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n not is_compressed;","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_server_id,\n is_compressed\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n not is_compressed;","startLine":53,"endLine":62}],"isExampleQuery":true},"example_list_of_all_ssl_vpn_servers_that_do_not_use_aes_256_cbc_encryption":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"List of all SSL VPN servers that do not use AES-256-CBC encryption","titleLine":64,"name":"example_list_of_all_ssl_vpn_servers_that_do_not_use_aes_256_cbc_encryption","id":"example_list_of_all_ssl_vpn_servers_that_do_not_use_aes_256_cbc_encryption","description":"Discover the segments that are utilizing encryption standards other than AES-256-CBC for their SSL VPN servers. This can be particularly useful in identifying potential security risks and ensuring the highest level of data protection.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_server_id,\n cipher\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n cipher <> 'AES-256-CBC';","startLine":67,"endLine":76},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_server_id,\n cipher\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n cipher <> 'AES-256-CBC';","startLine":78,"endLine":87}],"isExampleQuery":true},"example_list_of_all_ssl_vpn_servers_for_which_two_factor_authentication_is_not_enabled":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"List of all SSL VPN servers for which Two-factor Authentication is not enabled","titleLine":89,"name":"example_list_of_all_ssl_vpn_servers_for_which_two_factor_authentication_is_not_enabled","id":"example_list_of_all_ssl_vpn_servers_for_which_two_factor_authentication_is_not_enabled","description":"Determine the areas in which two-factor authentication is not enabled for SSL VPN servers. This can be valuable in identifying potential security vulnerabilities in your network infrastructure.","descriptionStartLine":90,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_server_id,\n enable_multi_factor_auth\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n not enable_multi_factor_auth;","startLine":92,"endLine":101},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_server_id,\n enable_multi_factor_auth\nfrom\n alicloud_vpc_ssl_vpn_server\nwhere\n not enable_multi_factor_auth;","startLine":103,"endLine":112}],"isExampleQuery":true},"example_view_ssl_vpn_server_ip_information":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"View SSL VPN server IP information","titleLine":114,"name":"example_view_ssl_vpn_server_ip_information","id":"example_view_ssl_vpn_server_ip_information","description":"Explore the IP details of your SSL VPN servers, including their internet-facing IP and the client IP pool. This can be beneficial in network troubleshooting and security audits to ensure correct configuration and operation.","descriptionStartLine":115,"queries":[{"lang":"sql+postgres","code":"select\n name,\n ssl_vpn_server_id,\n internet_ip,\n client_ip_pool,\n local_subnet\nfrom\n alicloud_vpc_ssl_vpn_server;","startLine":117,"endLine":126},{"lang":"sql+sqlite","code":"select\n name,\n ssl_vpn_server_id,\n internet_ip,\n client_ip_pool,\n local_subnet\nfrom\n alicloud_vpc_ssl_vpn_server;","startLine":128,"endLine":137}],"isExampleQuery":true},"example_list_of_client_certs_for_each_ssl_vpn_server":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"List of Client Certs for each SSL VPN server","titleLine":139,"name":"example_list_of_client_certs_for_each_ssl_vpn_server","id":"example_list_of_client_certs_for_each_ssl_vpn_server","description":"Explore the relationship between your SSL VPN servers and their associated client certificates. This can help in managing and maintaining your network's security infrastructure by ensuring that each VPN server has the appropriate client certificates.","descriptionStartLine":140,"queries":[{"lang":"sql+postgres","code":"select\n s.name,\n s.ssl_vpn_server_id,\n c.name,\n c.ssl_vpn_client_cert_id\nfrom\n alicloud_vpc_ssl_vpn_server as s\nleft join alicloud_vpc_ssl_vpn_client_cert as c\n on s.ssl_vpn_server_id = c.ssl_vpn_server_id\n","startLine":142,"endLine":153},{"lang":"sql+sqlite","code":"select\n s.name,\n s.ssl_vpn_server_id,\n c.name,\n c.ssl_vpn_client_cert_id\nfrom\n alicloud_vpc_ssl_vpn_server as s\nleft join alicloud_vpc_ssl_vpn_client_cert as c\n on s.ssl_vpn_server_id = c.ssl_vpn_server_id","startLine":155,"endLine":165}],"isExampleQuery":true},"example_count_of_client_certs_for_each_ssl_vpn_server":{"org":"turbot","tables":["alicloud.alicloud_vpc_ssl_vpn_server"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_ssl_vpn_server.md","folder":"VPC","title":"Count of Client Certs for each SSL VPN server","titleLine":167,"name":"example_count_of_client_certs_for_each_ssl_vpn_server","id":"example_count_of_client_certs_for_each_ssl_vpn_server","description":"This example helps to analyze the distribution of client certificates across various SSL VPN servers. It's useful in understanding the load distribution and managing the capacity of each server efficiently.","descriptionStartLine":168,"queries":[{"lang":"sql+postgres","code":"select\n s.name,\n count(c.ssl_vpn_client_cert_id)\nfrom\n alicloud_vpc_ssl_vpn_server as s\nleft join alicloud_vpc_ssl_vpn_client_cert as c\n on s.ssl_vpn_server_id = c.ssl_vpn_server_id\ngroup by\n s.name;\n","startLine":170,"endLine":181},{"lang":"sql+sqlite","code":"select\n s.name,\n count(c.ssl_vpn_client_cert_id)\nfrom\n alicloud_vpc_ssl_vpn_server as s\nleft join alicloud_vpc_ssl_vpn_client_cert as c\n on s.ssl_vpn_server_id = c.ssl_vpn_server_id\ngroup by\n s.name;","startLine":183,"endLine":193}],"isExampleQuery":true},"example_get_the_vpn_connections_which_are_not_healthy":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_connection"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_connection.md","folder":"VPC","title":"Get the vpn connections which are not healthy","titleLine":39,"name":"example_get_the_vpn_connections_which_are_not_healthy","id":"example_get_the_vpn_connections_which_are_not_healthy","description":"Identify instances where VPN connections are not in a healthy state. This is useful for troubleshooting network issues and ensuring secure and reliable connectivity.","descriptionStartLine":40,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpn_connection_id,\n vco_health_check ->> 'Status' as health_check_status,\n status\nfrom\n alicloud_vpc_vpn_connection\nwhere vco_health_check ->> 'Status' = 'failed';","startLine":42,"endLine":51},{"lang":"sql+sqlite","code":"select\n name,\n vpn_connection_id,\n json_extract(vco_health_check, '$.Status') as health_check_status,\n status\nfrom\n alicloud_vpc_vpn_connection\nwhere json_extract(vco_health_check, '$.Status') = 'failed';","startLine":53,"endLine":62}],"isExampleQuery":true},"example_get_the_bgp_configuration_information_of_vpn_connections":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_connection"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_connection.md","folder":"VPC","title":"Get the BGP configuration information of vpn connections","titleLine":64,"name":"example_get_the_bgp_configuration_information_of_vpn_connections","id":"example_get_the_bgp_configuration_information_of_vpn_connections","description":"Assess the elements within your VPN connections to understand the status and configuration of Border Gateway Protocol (BGP). This is useful for monitoring the health and performance of your VPN connections.","descriptionStartLine":65,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpn_connection_id,\n vpn_bgp_config ->> 'EnableBgp' as enable_bgp,\n vpn_bgp_config ->> 'LocalAsn' as local_asn,\n vpn_bgp_config ->> 'LocalBgpIp' as local_bgp_ip,\n vpn_bgp_config ->> 'PeerAsn' as peer_asn,\n vpn_bgp_config ->> 'PeerBgpIp' as peer_bgp_ip,\n vpn_bgp_config ->> 'Status' as status,\n vpn_bgp_config ->> 'TunnelCidr' as tunnel_cidr\nfrom\n alicloud_vpc_vpn_connection;","startLine":67,"endLine":80},{"lang":"sql+sqlite","code":"select\n name,\n vpn_connection_id,\n json_extract(vpn_bgp_config, '$.EnableBgp') as enable_bgp,\n json_extract(vpn_bgp_config, '$.LocalAsn') as local_asn,\n json_extract(vpn_bgp_config, '$.LocalBgpIp') as local_bgp_ip,\n json_extract(vpn_bgp_config, '$.PeerAsn') as peer_asn,\n json_extract(vpn_bgp_config, '$.PeerBgpIp') as peer_bgp_ip,\n json_extract(vpn_bgp_config, '$.Status') as status,\n json_extract(vpn_bgp_config, '$.TunnelCidr') as tunnel_cidr\nfrom\n alicloud_vpc_vpn_connection;","startLine":82,"endLine":95}],"isExampleQuery":true},"example_get_the_vpn_connections_where_nat_traversal_feature_is_enabled":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_connection"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_connection.md","folder":"VPC","title":"Get the vpn connections where NAT traversal feature is enabled","titleLine":98,"name":"example_get_the_vpn_connections_where_nat_traversal_feature_is_enabled","id":"example_get_the_vpn_connections_where_nat_traversal_feature_is_enabled","description":"Identify instances where the NAT traversal feature is enabled in VPN connections. This can be useful to ensure secure and efficient data communication in scenarios where private networks are interconnected over the internet.","descriptionStartLine":99,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpn_connection_id,\n enable_nat_traversal\nfrom\n alicloud_vpc_vpn_connection\nwhere enable_nat_traversal;","startLine":101,"endLine":109},{"lang":"sql+sqlite","code":"select\n name,\n vpn_connection_id,\n enable_nat_traversal\nfrom\n alicloud_vpc_vpn_connection\nwhere enable_nat_traversal = 1;","startLine":111,"endLine":119}],"isExampleQuery":true},"example_get_the_ip_address_of_each_customer_gateway":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_customer_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_customer_gateway.md","folder":"VPC","title":"Get the IP address of each customer gateway","titleLine":35,"name":"example_get_the_ip_address_of_each_customer_gateway","id":"example_get_the_ip_address_of_each_customer_gateway","description":"Explore which customer gateways are associated with specific IP addresses to better manage network connections and troubleshoot potential issues. This query is beneficial for maintaining secure and efficient connectivity within your virtual private cloud (VPC).","descriptionStartLine":36,"queries":[{"lang":"sql+postgres","code":"select\n name,\n customer_gateway_id,\n ip_address\nfrom\n alicloud_vpc_vpn_customer_gateway;","startLine":38,"endLine":45},{"lang":"sql+sqlite","code":"select\n name,\n customer_gateway_id,\n ip_address\nfrom\n alicloud_vpc_vpn_customer_gateway;","startLine":47,"endLine":54}],"isExampleQuery":true},"example_get_the_vpc_and_vswitch_info_of_vpn_gateway":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_gateway.md","folder":"VPC","title":"Get the VPC and VSwitch info of VPN gateway","titleLine":44,"name":"example_get_the_vpc_and_vswitch_info_of_vpn_gateway","id":"example_get_the_vpc_and_vswitch_info_of_vpn_gateway","description":"Determine the areas in which the VPN gateway is connected by identifying the associated VPC and VSwitch. This aids in network management and understanding the connectivity of your virtual private network.","descriptionStartLine":45,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpn_gateway_id,\n vpc_id vswitch_id\nfrom\n alicloud_vpc_vpn_gateway;","startLine":47,"endLine":54},{"lang":"sql+sqlite","code":"select\n name,\n vpn_gateway_id,\n vpc_id as vswitch_id\nfrom\n alicloud_vpc_vpn_gateway;","startLine":56,"endLine":63}],"isExampleQuery":true},"example_get_the_vpn_gateways_where_ssl_vpn_is_enabled":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_gateway.md","folder":"VPC","title":"Get the vpn gateways where SSL VPN is enabled","titleLine":66,"name":"example_get_the_vpn_gateways_where_ssl_vpn_is_enabled","id":"example_get_the_vpn_gateways_where_ssl_vpn_is_enabled","description":"Determine the areas in your network where SSL VPN is enabled, allowing you to assess security measures and manage potential vulnerabilities. This query is useful for identifying and mitigating potential security risks in your network infrastructure.","descriptionStartLine":67,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vpn_gateway_id,\n ssl_vpn,\n ssl_max_connections\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n ssl_vpn = 'enable';","startLine":69,"endLine":79},{"lang":"sql+sqlite","code":"select\n name,\n vpn_gateway_id,\n ssl_vpn,\n ssl_max_connections\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n ssl_vpn = 'enable';","startLine":81,"endLine":91}],"isExampleQuery":true},"example_vpn_gateway_count_by_vpc_id":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_gateway.md","folder":"VPC","title":"VPN gateway count by VPC ID","titleLine":94,"name":"example_vpn_gateway_count_by_vpc_id","id":"example_vpn_gateway_count_by_vpc_id","description":"Identify the number of VPN gateways associated with each VPC to better manage network resources and optimize security configurations.","descriptionStartLine":95,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n count(vpn_gateway_id) as vpn_gateway_count\nfrom\n alicloud_vpc_vpn_gateway\ngroup by\n vpc_id;","startLine":97,"endLine":105},{"lang":"sql+sqlite","code":"select\n vpc_id,\n count(vpn_gateway_id) as vpn_gateway_count\nfrom\n alicloud_vpc_vpn_gateway\ngroup by\n vpc_id;","startLine":107,"endLine":115}],"isExampleQuery":true},"example_list_of_vpn_gateways_without_application_tag_key":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_gateway.md","folder":"VPC","title":"List of VPN gateways without application tag key","titleLine":118,"name":"example_list_of_vpn_gateways_without_application_tag_key","id":"example_list_of_vpn_gateways_without_application_tag_key","description":"Discover the segments that are missing application tags in VPN gateways. This is useful for identifying untagged resources that may need to be categorized for better resource management.","descriptionStartLine":119,"queries":[{"lang":"sql+postgres","code":"select\n vpn_gateway_id,\n tags\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n tags -> 'application' is null;","startLine":121,"endLine":129},{"lang":"sql+sqlite","code":"select\n vpn_gateway_id,\n tags\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n json_extract(tags, '$.application') is null;","startLine":131,"endLine":139}],"isExampleQuery":true},"example_list_inactive_vpn_gateways":{"org":"turbot","tables":["alicloud.alicloud_vpc_vpn_gateway"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vpn_gateway.md","folder":"VPC","title":"List inactive VPN gateways","titleLine":142,"name":"example_list_inactive_vpn_gateways","id":"example_list_inactive_vpn_gateways","description":"Identify instances where VPN gateways are not active in your Alicloud VPC. This can be useful to audit and manage your network resources effectively by pinpointing potential network vulnerabilities or unnecessary costs.","descriptionStartLine":143,"queries":[{"lang":"sql+postgres","code":"select\n vpn_gateway_id,\n status,\n create_time,\n jsonb_pretty(tags)\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n status <> 'active';","startLine":145,"endLine":155},{"lang":"sql+sqlite","code":"select\n vpn_gateway_id,\n status,\n create_time,\n tags\nfrom\n alicloud_vpc_vpn_gateway\nwhere\n status <> 'active';","startLine":157,"endLine":167}],"isExampleQuery":true},"example_get_the_number_of_available_ip_addresses_in_each_vswitch":{"org":"turbot","tables":["alicloud.alicloud_vpc_vswitch"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vswitch.md","folder":"VPC","title":"Get the number of available IP addresses in each VSwitch","titleLine":40,"name":"example_get_the_number_of_available_ip_addresses_in_each_vswitch","id":"example_get_the_number_of_available_ip_addresses_in_each_vswitch","description":"Explore the capacity of each VSwitch by determining the number of available IP addresses. This can aid in resource allocation and network planning.","descriptionStartLine":41,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vswitch_id,\n available_ip_address_count,\n power(2, 32 - masklen(cidr_block :: cidr)) -1 as raw_size\nfrom\n alicloud_vpc_vswitch;","startLine":43,"endLine":51},{"lang":"sql+sqlite","code":"Error: SQLite does not support CIDR operations.","startLine":53,"endLine":55}],"isExampleQuery":true},"example_route_table_info_associated_with_vswitch":{"org":"turbot","tables":["alicloud.alicloud_vpc_vswitch"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vswitch.md","folder":"VPC","title":"Route Table info associated with VSwitch","titleLine":57,"name":"example_route_table_info_associated_with_vswitch","id":"example_route_table_info_associated_with_vswitch","description":"Explore the relationship between your VSwitch and its associated route tables in your Alicloud VPC setup. This allows you to gain insights into your network's routing configurations and better manage your network traffic flow.","descriptionStartLine":58,"queries":[{"lang":"sql+postgres","code":"select\n name,\n vswitch_id,\n route_table ->> 'RouteTableId' as route_table_id,\n route_table ->> 'RouteTableType' as route_table_type,\n route_table -> 'RouteEntrys' -> 'RouteEntry' as route_entry\nfrom\n alicloud_vpc_vswitch;","startLine":60,"endLine":69},{"lang":"sql+sqlite","code":"select\n name,\n vswitch_id,\n json_extract(route_table, '$.RouteTableId') as route_table_id,\n json_extract(route_table, '$.RouteTableType') as route_table_type,\n json_extract(route_table, '$.RouteEntrys.RouteEntry') as route_entry\nfrom\n alicloud_vpc_vswitch;","startLine":71,"endLine":80}],"isExampleQuery":true},"example_vswitch_count_by_vpc_id":{"org":"turbot","tables":["alicloud.alicloud_vpc_vswitch"],"plugins":["turbot/alicloud"],"sourcePath":"alicloud_vpc_vswitch.md","folder":"VPC","title":"VSwitch count by VPC ID","titleLine":83,"name":"example_vswitch_count_by_vpc_id","id":"example_vswitch_count_by_vpc_id","description":"Determine the number of virtual switches within each Virtual Private Cloud to effectively manage network resources and ensure optimal distribution.","descriptionStartLine":84,"queries":[{"lang":"sql+postgres","code":"select\n vpc_id,\n count(vswitch_id) as vswitch_count\nfrom\n alicloud_vpc_vswitch\ngroup by\n vpc_id;","startLine":86,"endLine":94},{"lang":"sql+sqlite","code":"select\n vpc_id,\n count(vswitch_id) as vswitch_count\nfrom\n alicloud_vpc_vswitch\ngroup by\n vpc_id;","startLine":96,"endLine":104}],"isExampleQuery":true}}},"nameWithTag":"alicloud","tag":"latest","allowIndex":true},"sidebarData":{"org":"turbot","name":"alicloud","type":"queries","searchPlaceholder":"Search queries...","algoliaIndex":"production_HUB_STEAMPIPE_PLUGIN_EXAMPLES"},"children":["$","$L8",null,{"parallelRouterKey":"children","segmentPath":["children","plugins","children","$9","children","$a","children","queries","children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$Ld",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","notFoundStyles":"$undefined"}]}]

Query: Get the security group rules that allow inbound public access to all tcp or udp ports

Description

Query

SQL