Table: alicloud_account - Query Alibaba Cloud Accounts using SQL
An Alibaba Cloud Account is a basic organizational unit of Alibaba Cloud resources. It is used to sign up for and manage Alibaba Cloud products and services, and to manage resource access permissions. It is also used to manage billing by setting up payment methods and managing invoices.
Table Usage Guide
The alicloud_account
table provides insights into Alibaba Cloud Accounts. As a Cloud Administrator, explore account-specific details through this table, including account ID, account name, and account type. Utilize it to uncover information about accounts, such as those with specific account types, the account names, and the verification of account IDs.
Examples
Basic info
Explore the different aliases, account IDs, and titles within your Alicloud account. This can be particularly useful to understand the structure and organization of your account, aiding in efficient management and oversight.
select alias, account_id, akas, titlefrom alicloud_account;
select alias, account_id, akas, titlefrom alicloud_account;
Query examples
- account_count
- account_table
- ecs_disk_by_account
- ecs_disk_encryption_table
- ecs_disk_storage_by_account
- ecs_instance_by_account
- ecs_instance_public_access_table
- ecs_security_group_by_acount
- ecs_snapshot_by_account
- ecs_snapshot_storage_by_account
- kms_cmk_lifecycle_table
- kms_key_age_table
- kms_key_by_account
- oss_bucket_age_table
- oss_bucket_by_account
- oss_bucket_lifecycle_table
- oss_bucket_logging_table
- oss_bucket_public_access_table
- ram_credential_entities_root_access_keys_table
- ram_group_age_table
- ram_groups_by_account
- ram_role_age_table
- ram_roles_by_account
- ram_user_age_table
- ram_user_mfa_table
- ram_users_by_account
- rds_instance_by_account
- vpc_by_account
Control examples
- 1.10 Ensure RAM password policy require at least one number
- 1.11 Ensure RAM password policy requires minimum length of 14 or greater
- 1.12 Ensure RAM password policy prevents password reuse
- 1.13 Ensure RAM password policy expires passwords within 90 days or less
- 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour
- 1.7 Ensure RAM password policy requires at least one uppercase letter
- 1.8 Ensure RAM password policy requires at least one lowercase letter
- 1.9 Ensure RAM password policy require at least one symbol
- 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
- 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
- 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
- 2.13 Ensure log monitoring and alerts are set up for VPC changes
- 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
- 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
- 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
- 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
- 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
- 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
- 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
- 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
- 2.22 Ensure a log monitoring and alerts are set up for security group changes
- 2.23 Ensure that Logstore data retention period is set 365 days or greater
- 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
- 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
- 2.5 Ensure virtual network flow log service is enabled
- 2.6 Ensure Anti-DDoS access and security log service is enabled
- 2.7 Ensure Web Application Firewall access and security log service is enabled
- 2.8 Ensure Cloud Firewall access and security log analysis is enabled
- 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
- 3.3 Ensure VPC flow logging is enabled in all VPCs
- 3.4 Ensure routing tables for VPC peering are 'least access'
- 3.5 Ensure the security group are configured with fine grained rules
- 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied
- 5.2 Ensure that there are no publicly accessible objects in storage buckets
- 5.5 Ensure that the shared URL signature expires within an hour
- 5.6 Ensure that URL signature is allowed only over https
- 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters
- 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters
- 7.5 Ensure Kubernetes web UI / Dashboard is not enabled
- 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine
- 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled
- 8.3 Ensure that Automatic Quarantine is enabled
- 8.4 Ensure that Webshell detection is enabled on all web servers
- 8.5 Ensure that notification is enabled on all high risk items
- 8.6 Ensure that Config Assessment is granted with privilege
- 8.7 Ensure that scheduled vulnerability scan is enabled on all servers
- 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data
Schema for alicloud_account
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
account_id | text | The Alicloud Account ID in which the resource is located. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
alias | text | Specify the alias associated with the account. | |
region | text | The Alicloud region in which the resource is located. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud
You can pass the configuration to the command with the --config
argument:
steampipe_export_alicloud --config '<your_config>' alicloud_account