turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_ram_access_key - Query Alibaba Cloud RAM Access Keys using SQL

Alibaba Cloud Resource Access Management (RAM) is a service that helps you manage user identities and access permissions. With RAM, you can create and manage multiple identities under one Alibaba Cloud account, and control the access of these identities to your resources in an efficient and secure manner. RAM Access Keys are used by RAM users to access Alibaba Cloud services.

Table Usage Guide

The alicloud_ram_access_key table provides insights into the access keys of RAM users within Alibaba Cloud Resource Access Management (RAM). As a security analyst, explore key-specific details through this table, including the AccessKey ID, status, and creation time. Utilize it to uncover information about access keys, such as those that are active or inactive, and the verification of their creation times.

Examples

List of access keys with their corresponding user name and date of creation

Discover the segments that have access keys, their corresponding user names, and creation dates. This can be useful in managing and tracking user access within your system.

select
access_key_id,
user_name,
create_date
from
alicloud_ram_access_key;
select
access_key_id,
user_name,
create_date
from
alicloud_ram_access_key;

List of access keys which are inactive

Determine the areas in which there are inactive access keys. This can be useful in maintaining security by identifying and managing unused access keys.

select
access_key_id,
user_name,
status
from
alicloud_ram_access_key
where
status = 'Inactive';
select
access_key_id,
user_name,
status
from
alicloud_ram_access_key
where
status = 'Inactive';

Access key count by user name

Identify instances where multiple access keys are associated with the same user in Alicloud. This can help in managing access keys effectively and improving security by limiting the number of access keys per user.

select
user_name,
count (access_key_id) as access_key_count
from
alicloud_ram_access_key
group by
user_name;
select
user_name,
count(access_key_id) as access_key_count
from
alicloud_ram_access_key
group by
user_name;

Access keys older than 90 days

Determine the instances where access keys have been in use for more than 90 days. This can be beneficial for managing security and access control, as older keys may pose a higher risk if not regularly updated or reviewed.

select
access_key_id,
user_name,
status create_date,
age(create_date)
from
alicloud_ram_access_key
where
create_date <= (current_date - interval '90' day)
order by
create_date;
select
access_key_id,
user_name,
status,
create_date,
julianday('now') - julianday(create_date)
from
alicloud_ram_access_key
where
julianday('now') - julianday(create_date) >= 90
order by
create_date;

Schema for alicloud_ram_access_key

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
access_key_idtextThe AccessKey ID.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
create_datetimestamp with time zoneThe time when the AccessKey pair was created.
regiontextThe Alicloud region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe status of the AccessKey pair. Valid values: Active and Inactive.
titletextTitle of the resource.
user_nametextName of the User that the access key belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_ram_access_key