Table: alicloud_ram_security_preference
Alibaba Cloud RAM users security preference provides better security to user.
Examples
Basic security preference info
This query is useful to gain insights into the different security preferences and their settings in Alicloud RAM. It helps in assessing whether users have the permissions to change passwords, manage access keys, MFA devices, public keys, and the duration of login sessions, thereby aiding in understanding the security posture of your Alicloud environment.
select allow_user_to_change_password, allow_user_to_manage_access_keys, allow_user_to_manage_mfa_devices, allow_user_to_manage_public_keys, enable_save_mfa_ticket, login_session_durationfrom alicloud_ram_security_preference;select allow_user_to_change_password, allow_user_to_manage_access_keys, allow_user_to_manage_mfa_devices, allow_user_to_manage_public_keys, enable_save_mfa_ticket, login_session_durationfrom alicloud_ram_security_preference;Check if user have access to change password
Explore which Alicloud users have the ability to change their passwords. This can be crucial for maintaining account security and ensuring users can manage their own credentials.
select allow_user_to_change_passwordfrom alicloud_ram_security_preference;select allow_user_to_change_passwordfrom alicloud_ram_security_preference;Check if user have access to manage public access key
Determine if users have the necessary permissions to manage public access keys. This can help in maintaining security by ensuring only authorized individuals can handle sensitive keys.
select allow_user_to_manage_public_keysfrom alicloud_ram_security_preference;select allow_user_to_manage_public_keysfrom alicloud_ram_security_preference;Get the log on session duration of User
Analyze the duration of user login sessions to understand their activity patterns and potential security risks.
select login_session_durationfrom alicloud_ram_security_preference;select login_session_durationfrom alicloud_ram_security_preference;Schema for alicloud_ram_security_preference
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| account_id | text | The Alicloud Account ID in which the resource is located. | |
| allow_user_to_change_password | boolean | Indicates whether RAM users can change their passwords. | |
| allow_user_to_manage_access_keys | boolean | Indicates whether RAM users can manage their AccessKey pairs. | |
| allow_user_to_manage_mfa_devices | boolean | Indicates whether RAM users can manage their MFA devices. | |
| allow_user_to_manage_public_keys | boolean | Indicates whether RAM users can manage their public keys. | |
| enable_save_mfa_ticket | boolean | Indicates whether RAM users can save security codes for multi-factor authentication (MFA) during logon. Each security code is valid for seven days. | |
| login_network_masks | jsonb | The subnet mask that indicates the IP addresses from which logon to the Alibaba Cloud Management Console is allowed. This parameter applies to password-based logon and single sign-on (SSO). However, this parameter does not apply to API calls that are authenticated based on AccessKey pairs. May be more than one CIDR range. If empty then login is allowed from any source. | |
| login_session_duration | bigint | The validity period of a logon session of a RAM user. Unit: hours. | |
| region | text | The Alicloud region in which the resource is located. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloudYou can pass the configuration to the command with the --config argument:
steampipe_export_alicloud --config '<your_config>' alicloud_ram_security_preference