alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch
Table: alicloud_account - Query Alibaba Cloud Accounts using SQL
An Alibaba Cloud Account is a basic organizational unit of Alibaba Cloud resources. It is used to sign up for and manage Alibaba Cloud products and services, and to manage resource access permissions. It is also used to manage billing by setting up payment methods and managing invoices.
Table Usage Guide
The alicloud_account table provides insights into Alibaba Cloud Accounts. As a Cloud Administrator, explore account-specific details through this table, including account ID, account name, and account type. Utilize it to uncover information about accounts, such as those with specific account types, the account names, and the verification of account IDs.
Examples
Basic info
Explore the different aliases, account IDs, and titles within your Alicloud account. This can be particularly useful to understand the structure and organization of your account, aiding in efficient management and oversight.
select alias, account_id, akas, titlefrom alicloud_account;select alias, account_id, akas, titlefrom alicloud_account;Query examples
- account_count
- account_table
- ecs_disk_by_account
- ecs_disk_encryption_table
- ecs_disk_storage_by_account
- ecs_instance_by_account
- ecs_instance_public_access_table
- ecs_security_group_by_acount
- ecs_snapshot_by_account
- ecs_snapshot_storage_by_account
- kms_cmk_lifecycle_table
- kms_key_age_table
- kms_key_by_account
- oss_bucket_age_table
- oss_bucket_by_account
- oss_bucket_lifecycle_table
- oss_bucket_logging_table
- oss_bucket_public_access_table
- ram_credential_entities_root_access_keys_table
- ram_group_age_table
- ram_groups_by_account
- ram_role_age_table
- ram_roles_by_account
- ram_user_age_table
- ram_user_mfa_table
- ram_users_by_account
- rds_instance_by_account
- vpc_by_account
Control examples
- CIS v1.0.0 > 1 Identity and Access Management > 1.10 Ensure RAM password policy require at least one number
- CIS v1.0.0 > 1 Identity and Access Management > 1.11 Ensure RAM password policy requires minimum length of 14 or greater
- CIS v1.0.0 > 1 Identity and Access Management > 1.12 Ensure RAM password policy prevents password reuse
- CIS v1.0.0 > 1 Identity and Access Management > 1.13 Ensure RAM password policy expires passwords within 90 days or less
- CIS v1.0.0 > 1 Identity and Access Management > 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour
- CIS v1.0.0 > 1 Identity and Access Management > 1.7 Ensure RAM password policy requires at least one uppercase letter
- CIS v1.0.0 > 1 Identity and Access Management > 1.8 Ensure RAM password policy requires at least one lowercase letter
- CIS v1.0.0 > 1 Identity and Access Management > 1.9 Ensure RAM password policy require at least one symbol
- CIS v1.0.0 > 2 Logging and Monitoring > 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.13 Ensure log monitoring and alerts are set up for VPC changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
- CIS v1.0.0 > 2 Logging and Monitoring > 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
- CIS v1.0.0 > 2 Logging and Monitoring > 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
- CIS v1.0.0 > 2 Logging and Monitoring > 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
- CIS v1.0.0 > 2 Logging and Monitoring > 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
- CIS v1.0.0 > 2 Logging and Monitoring > 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.22 Ensure a log monitoring and alerts are set up for security group changes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.23 Ensure that Logstore data retention period is set 365 days or greater
- CIS v1.0.0 > 2 Logging and Monitoring > 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
- CIS v1.0.0 > 2 Logging and Monitoring > 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
- CIS v1.0.0 > 2 Logging and Monitoring > 2.5 Ensure virtual network flow log service is enabled
- CIS v1.0.0 > 2 Logging and Monitoring > 2.6 Ensure Anti-DDoS access and security log service is enabled
- CIS v1.0.0 > 2 Logging and Monitoring > 2.7 Ensure Web Application Firewall access and security log service is enabled
- CIS v1.0.0 > 2 Logging and Monitoring > 2.8 Ensure Cloud Firewall access and security log analysis is enabled
- CIS v1.0.0 > 2 Logging and Monitoring > 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
- CIS v1.0.0 > 3 Networking > 3.3 Ensure VPC flow logging is enabled in all VPCs
- CIS v1.0.0 > 3 Networking > 3.4 Ensure routing tables for VPC peering are 'least access'
- CIS v1.0.0 > 3 Networking > 3.5 Ensure the security group are configured with fine grained rules
- CIS v1.0.0 > 4 Virtual Machines > 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied
- CIS v1.0.0 > 5 Storage > 5.2 Ensure that there are no publicly accessible objects in storage buckets
- CIS v1.0.0 > 5 Storage > 5.5 Ensure that the shared URL signature expires within an hour
- CIS v1.0.0 > 5 Storage > 5.6 Ensure that URL signature is allowed only over https
- CIS v1.0.0 > 7 Kubernetes Engine > 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters
- CIS v1.0.0 > 7 Kubernetes Engine > 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters
- CIS v1.0.0 > 7 Kubernetes Engine > 7.5 Ensure Kubernetes web UI / Dashboard is not enabled
- CIS v1.0.0 > 7 Kubernetes Engine > 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine
- CIS v1.0.0 > 7 Kubernetes Engine > 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled
- CIS v1.0.0 > 8 Security Center > 8.3 Ensure that Automatic Quarantine is enabled
- CIS v1.0.0 > 8 Security Center > 8.4 Ensure that Webshell detection is enabled on all web servers
- CIS v1.0.0 > 8 Security Center > 8.5 Ensure that notification is enabled on all high risk items
- CIS v1.0.0 > 8 Security Center > 8.6 Ensure that Config Assessment is granted with privilege
- CIS v1.0.0 > 8 Security Center > 8.7 Ensure that scheduled vulnerability scan is enabled on all servers
- CIS v1.0.0 > 8 Security Center > 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data
Schema for alicloud_account
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Alicloud Account ID in which the resource is located. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| alias | text | Specify the alias associated with the account. | |
| region | text | The Alicloud region in which the resource is located. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloudYou can pass the configuration to the command with the --config argument:
steampipe_export_alicloud --config '<your_config>' alicloud_account