Table: alicloud_ram_access_key - Query Alibaba Cloud RAM Access Keys using SQL
Alibaba Cloud Resource Access Management (RAM) is a service that helps you manage user identities and access permissions. With RAM, you can create and manage multiple identities under one Alibaba Cloud account, and control the access of these identities to your resources in an efficient and secure manner. RAM Access Keys are used by RAM users to access Alibaba Cloud services.
Table Usage Guide
The alicloud_ram_access_key table provides insights into the access keys of RAM users within Alibaba Cloud Resource Access Management (RAM). As a security analyst, explore key-specific details through this table, including the AccessKey ID, status, and creation time. Utilize it to uncover information about access keys, such as those that are active or inactive, and the verification of their creation times.
Examples
List of access keys with their corresponding user name and date of creation
Discover the segments that have access keys, their corresponding user names, and creation dates. This can be useful in managing and tracking user access within your system.
select access_key_id, user_name, create_datefrom alicloud_ram_access_key;select access_key_id, user_name, create_datefrom alicloud_ram_access_key;List of access keys which are inactive
Determine the areas in which there are inactive access keys. This can be useful in maintaining security by identifying and managing unused access keys.
select access_key_id, user_name, statusfrom alicloud_ram_access_keywhere status = 'Inactive';select access_key_id, user_name, statusfrom alicloud_ram_access_keywhere status = 'Inactive';Access key count by user name
Identify instances where multiple access keys are associated with the same user in Alicloud. This can help in managing access keys effectively and improving security by limiting the number of access keys per user.
select user_name, count (access_key_id) as access_key_countfrom alicloud_ram_access_keygroup by user_name;select user_name, count(access_key_id) as access_key_countfrom alicloud_ram_access_keygroup by user_name;Access keys older than 90 days
Determine the instances where access keys have been in use for more than 90 days. This can be beneficial for managing security and access control, as older keys may pose a higher risk if not regularly updated or reviewed.
select access_key_id, user_name, status create_date, age(create_date)from alicloud_ram_access_keywhere create_date <= (current_date - interval '90' day)order by create_date;select access_key_id, user_name, status, create_date, julianday('now') - julianday(create_date)from alicloud_ram_access_keywhere julianday('now') - julianday(create_date) >= 90order by create_date;Query examples
Control examples
Schema for alicloud_ram_access_key
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| access_key_id | text | The AccessKey ID. | |
| account_id | text | The Alicloud Account ID in which the resource is located. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| create_date | timestamp with time zone | The time when the AccessKey pair was created. | |
| region | text | The Alicloud region in which the resource is located. | |
| status | text | The status of the AccessKey pair. Valid values: Active and Inactive. | |
| title | text | Title of the resource. | |
| user_name | text | Name of the User that the access key belongs to. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloudYou can pass the configuration to the command with the --config argument:
steampipe_export_alicloud --config '<your_config>' alicloud_ram_access_key