Table: alicloud_ram_group - Query Alibaba Cloud RAM Groups using SQL
Alibaba Cloud Resource Access Management (RAM) is a service that helps manage user identities and resource access permissions. RAM allows you to create and manage multiple identities under one Alibaba Cloud account, and control the access of these identities to your resources. You can grant different permissions to different identities to ensure that your resources can only be accessed by trusted entities.
Table Usage Guide
The alicloud_ram_group table provides insights into RAM Groups within Alibaba Cloud Resource Access Management (RAM). As a system administrator, explore group-specific details through this table, including group name, id, comments, and the creation time. Utilize it to manage and control access to your resources, ensuring that only trusted entities have the necessary permissions.
Examples
User details associated with each RAM group
List the users that belong to each RAM group in Alicloud. This helps you understand how users are distributed across groups and supports user management within your Alicloud environment.

```sql
-- PostgreSQL
select
  name as group_name,
  iam_user ->> 'UserName' as user_name,
  iam_user ->> 'DisplayName' as display_name,
  iam_user ->> 'JoinDate' as user_join_date
from
  alicloud_ram_group
  cross join jsonb_array_elements(users) as iam_user;
```

```sql
-- SQLite
select
  name as group_name,
  json_extract(iam_user.value, '$.UserName') as user_name,
  json_extract(iam_user.value, '$.DisplayName') as display_name,
  json_extract(iam_user.value, '$.JoinDate') as user_join_date
from
  alicloud_ram_group,
  json_each(users) as iam_user;
```
List the policies attached to each RAM group
Explore the various policies attached to each RAM group, including the policy type, default version, and attachment date. This can help in understanding the security measures and access controls in place for each group.
```sql
-- PostgreSQL
select
  name as group_name,
  policies ->> 'PolicyName' as policy_name,
  policies ->> 'PolicyType' as policy_type,
  policies ->> 'DefaultVersion' as policy_default_version,
  policies ->> 'AttachDate' as policy_attachment_date
from
  alicloud_ram_group,
  jsonb_array_elements(attached_policy) as policies;
```

```sql
-- SQLite
select
  name as group_name,
  json_extract(policies.value, '$.PolicyName') as policy_name,
  json_extract(policies.value, '$.PolicyType') as policy_type,
  json_extract(policies.value, '$.DefaultVersion') as policy_default_version,
  json_extract(policies.value, '$.AttachDate') as policy_attachment_date
from
  alicloud_ram_group,
  json_each(attached_policy) as policies;
```
List RAM groups with no users added
Find RAM groups that have been created but have no users added to them. This can help in identifying unused resources and optimizing resource allocation.

```sql
-- The same query is given for both PostgreSQL and SQLite
select
  name as group_name,
  create_date,
  users
from
  alicloud_ram_group
where
  users = '[]';
```
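The two joins shown above can be combined for an access review: each row below is a permission a user inherits through group membership. This is an added example in PostgreSQL syntax, not one of the plugin's own queries; it uses only the columns and JSON keys shown on this page, and the `AdministratorAccess` policy name used for the flag is an assumption about which policy you treat as full admin.

```sql
-- Added example: effective policies per user via RAM group membership.
-- Groups with no users or no attached policies produce no rows here,
-- because the cross joins have nothing to expand.
select
  g.name as group_name,
  u ->> 'UserName' as user_name,
  u ->> 'JoinDate' as user_join_date,
  p ->> 'PolicyName' as policy_name,
  p ->> 'PolicyType' as policy_type,
  p ->> 'AttachDate' as policy_attachment_date,
  -- Assumed policy name; adjust to the policies you consider high privilege.
  (p ->> 'PolicyName' = 'AdministratorAccess') as grants_full_admin
from
  alicloud_ram_group as g
  cross join jsonb_array_elements(g.users) as u
  cross join jsonb_array_elements(g.attached_policy) as p
order by
  grants_full_admin desc,
  group_name,
  user_name;
```

Rows with `grants_full_admin` set to true sort first, so the users holding the broadest group-inherited access appear at the top of the review.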
Query examples
- ram_all_policies_for_group
- ram_all_policies_for_user
- ram_group_1_year_count
- ram_group_24_hours_count
- ram_group_30_90_days_count
- ram_group_30_days_count
- ram_group_90_365_days_count
- ram_group_age_table
- ram_group_count
- ram_group_input
- ram_group_overview
- ram_groups_by_account
- ram_groups_by_creation_month
- ram_groups_for_ram_policy
- ram_groups_for_ram_user
- ram_groups_policies_count
- ram_groups_users_count
- ram_groups_with_no_attached_policy_count
- ram_groups_without_policies
- ram_groups_without_users
- ram_groups_without_users_count
- ram_policies_for_ram_group
- ram_user_manage_policies_sankey
- ram_users_for_group
- ram_users_for_ram_group
Schema for alicloud_ram_group
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Alicloud Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Alibaba Cloud Resource Name (ARN) of the RAM user group. |
attached_policy | jsonb | | A list of policies attached to a RAM user group. |
comments | text | | The description of the RAM user group. |
create_date | timestamp with time zone | | The time when the RAM user group was created. |
name | text | = | The name of the RAM user group. |
region | text | | The Alicloud region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
update_date | timestamp with time zone | | The time when the RAM user group was modified. |
users | jsonb | | A list of users in the group. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_alicloud --config '<your_config>' alicloud_ram_group
```