alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch
Table: alicloud_ram_role
A RAM role is a virtual RAM identity that you can create in your Alibaba Cloud account. A RAM role does not have a specific logon password or AccessKey pair. A RAM user can be used only after the RAM user is assumed by a trusted entity.
Examples
List the policies attached to the roles
select name, policies ->> 'PolicyName' as policy_name, policies ->> 'PolicyType' as policy_type, policies ->> 'DefaultVersion' as policy_default_version, policies ->> 'AttachDate' as policy_attachment_datefrom alicloud_ram_role, jsonb_array_elements(attached_policy) as policiesorder by name;
Find all roles having Administrator access
select name, policies ->> 'PolicyName' as policy_namefrom alicloud_ram_role, jsonb_array_elements(attached_policy) as policieswhere policies ->> 'PolicyName' = 'AdministratorAccess';
Find all roles grant cross-account access in the Trust Policy
select name, principal, split_part(principal, ':', 4) as foreign_accountfrom alicloud_ram_role, jsonb_array_elements(assume_role_policy_document -> 'Statement') as stmt, jsonb_array_elements_text(stmt -> 'Principal' -> 'RAM') as principalwhere split_part(principal, ':', 4) <> account_id;
Query examples
- action_trails_for_ram_role
- ecs_instances_for_ram_role
- ram_policies_for_ram_role
- ram_policies_for_role
- ram_role_1_year_count
- ram_role_24_hours_count
- ram_role_30_90_days_count
- ram_role_30_days_count
- ram_role_90_365_days_count
- ram_role_age_table
- ram_role_allows_cross_account_access_count
- ram_role_count
- ram_role_input
- ram_role_overview
- ram_role_policy_count_for_role
- ram_role_with_admin_access
- ram_role_with_admin_access_count
- ram_role_with_cross_account_access
- ram_roles_by_account
- ram_roles_by_creation_month
- ram_roles_for_ecs_instance
- ram_roles_for_ram_policy
- ram_roles_without_policy_count
- ram_user_manage_policies_hierarchy
.inspect alicloud_ram_role
Resource Access Management roles who can login via the console or access keys.
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The Alicloud Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The Alibaba Cloud Resource Name (ARN) of the RAM role. |
assume_role_policy_document | jsonb | The content of the policy that specifies one or more entities entrusted to assume the RAM role. |
assume_role_policy_document_std | jsonb | The standard content of the policy that specifies one or more entities entrusted to assume the RAM role. |
attached_policy | jsonb | A list of policies attached to a RAM role. |
create_date | timestamp with time zone | The time when the RAM role was created. |
description | text | The description of the RAM role. |
max_session_duration | bigint | The maximum session duration of the RAM role. |
name | text | The name of the RAM role. |
region | text | The Alicloud region in which the resource is located. |
role_id | text | The ID of the RAM role. |
title | text | Title of the resource. |
update_date | timestamp with time zone | The time when the RAM role was modified. |