turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_ram_password_policy - Query Alibaba Cloud RAM Password Policies using SQL

Alibaba Cloud's Resource Access Management (RAM) is a service that helps manage user identities and access control. You can create and manage multiple identities under your Alibaba Cloud account, and control the access of these identities to your Alibaba Cloud resources. RAM allows you to grant fine-grained permissions and authorized access methods to users under your Alibaba Cloud account in a secure and controllable manner.

Table Usage Guide

The alicloud_ram_password_policy table provides insights into password policies within Alibaba Cloud Resource Access Management (RAM). As a security analyst, you can explore password policy details through this table, including minimum password length, password complexity requirements, and password change frequency. Use it to ensure that password policies comply with your organization's security standards and to identify any potential security risks.

Examples

Ensure RAM password policy requires at least one uppercase letter (CIS v1.1.7)

Assess the elements within your Alicloud RAM password policy to verify if it mandates the inclusion of at least one uppercase letter. This aids in enhancing password security, aligning with the CIS v1.1.7 benchmark.

select
require_uppercase_characters,
case
require_uppercase_characters
when true then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;
select
require_uppercase_characters,
case
require_uppercase_characters
when 1 then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;

Ensure RAM password policy requires at least one lowercase letter (CIS v1.1.8)

Assess the security of your password policy by determining if it necessitates the inclusion of at least one lowercase letter. This can help enhance your system's protection by ensuring passwords are more complex and harder to guess.

select
require_lowercase_characters,
case
require_lowercase_characters
when true then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;
select
require_lowercase_characters,
case
require_lowercase_characters
when 1 then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;

Ensure RAM password policy requires at least one symbol (CIS v1.1.9)

This example helps in assessing the security of your password policy by determining whether it mandates the inclusion of at least one symbol. This is crucial for enhancing password strength and reducing the risk of unauthorized access.

select
require_symbols,
case
require_symbols
when true then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;
select
require_symbols,
case
require_symbols
when 1 then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;

Ensure RAM password policy require at least one number (CIS v1.1.10)

Assess the elements within your Alicloud RAM password policy to ensure it mandates the inclusion of at least one numerical value, providing a simple pass or fail status. This aids in maintaining robust security standards as per the CIS v1.1.10 guidelines.

select
require_numbers,
case
require_numbers
when true then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;
select
require_numbers,
case
require_numbers
when 1 then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;

Ensure RAM password policy requires minimum length of 14 or greater (CIS v1.1.11)

Determine the strength of your password policy by checking if it requires a minimum length of 14 characters or more. This can help ensure your system's security by enforcing robust password requirements.

select
minimum_password_length,
case
minimum_password_length >= 14
when true then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;
select
minimum_password_length,
case
when minimum_password_length >= 14 then 'pass'
else 'fail'
end as status
from
alicloud_ram_password_policy;

Schema for alicloud_ram_password_policy

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
hard_expirybooleanIndicates whether the password has expired.
max_login_attemptsbigintThe maximum number of permitted logon attempts within one hour. The number of logon attempts is reset to zero if a RAM user changes the password.
max_password_agebigintThe number of days for which a password is valid. Default value: 0. The default value indicates that the password never expires.
minimum_password_lengthbigintThe minimum required number of characters in a password.
password_reuse_preventionbigintThe number of previous passwords that the user is prevented from reusing. Default value: 0. The default value indicates that the RAM user is not prevented from reusing previous passwords.
regiontextThe Alicloud region in which the resource is located.
require_lowercase_charactersbooleanIndicates whether a password must contain one or more lowercase letters.
require_numbersbooleanIndicates whether a password must contain one or more digits.
require_symbolsbooleanIndicates whether a password must contain one or more special characters.
require_uppercase_charactersbooleanIndicates whether a password must contain one or more uppercase letters.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_ram_password_policy