turbot/alicloud

GitHub
steampipe plugin install alicloudsteampipe plugin install alicloud
alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch

Table: alicloud_ram_policy

Permissions are specified by a statement within a policy that allows or denies access to a specific Alibaba Cloud resource.

A policy defines a set of permissions that are described based on the policy structure and syntax. A policy can accurately describe the authorized resource sets, authorized operation sets, and authorization conditions.

Examples

Basic info

select
policy_name,
policy_type,
description,
default_version,
policy_document
from
alicloud_ram_policy;

List system policies

select
policy_name,
policy_type,
description,
default_version,
policy_document
from
alicloud_ram_policy
where
policy_type = 'System';

List custom policies

select
policy_name,
policy_type,
description,
default_version,
policy_document
from
alicloud_ram_policy
where
policy_type = 'Custom';

List policies with statements granting full access

select
policy_name,
policy_type,
action,
s ->> 'Effect' as effect
from
alicloud_ram_policy,
jsonb_array_elements(policy_document_std -> 'Statement') as s,
jsonb_array_elements_text(s -> 'Action') as action
where
action in ('*', '*:*')
and s ->> 'Effect' = 'Allow';

Query examples

.inspect alicloud_ram_policy

Alibaba Cloud RAM Policy

NameTypeDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
account_idtextThe Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
attachment_countbigintThe number of references to the policy.
create_datetimestamp with time zonePolicy creation date
default_versiontextDeafult version of the policy
descriptiontextThe policy description
policy_documentjsonbContains the details about the policy.
policy_document_stdjsonbContains the policy document in a canonical form for easier searching.
policy_nametextThe name of the policy.
policy_typetextThe type of the policy. Valid values: System and Custom.
regiontextThe Alicloud region in which the resource is located.
titletextTitle of the resource.
update_datetimestamp with time zoneLast time when policy got updated