turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_ram_security_preference

Alibaba Cloud RAM users security preference provides better security to user.

Examples

Basic security preference info

This query is useful to gain insights into the different security preferences and their settings in Alicloud RAM. It helps in assessing whether users have the permissions to change passwords, manage access keys, MFA devices, public keys, and the duration of login sessions, thereby aiding in understanding the security posture of your Alicloud environment.

select
allow_user_to_change_password,
allow_user_to_manage_access_keys,
allow_user_to_manage_mfa_devices,
allow_user_to_manage_public_keys,
enable_save_mfa_ticket,
login_session_duration
from
alicloud_ram_security_preference;
select
allow_user_to_change_password,
allow_user_to_manage_access_keys,
allow_user_to_manage_mfa_devices,
allow_user_to_manage_public_keys,
enable_save_mfa_ticket,
login_session_duration
from
alicloud_ram_security_preference;

Check if user have access to change password

Explore which Alicloud users have the ability to change their passwords. This can be crucial for maintaining account security and ensuring users can manage their own credentials.

select
allow_user_to_change_password
from
alicloud_ram_security_preference;
select
allow_user_to_change_password
from
alicloud_ram_security_preference;

Check if user have access to manage public access key

Determine if users have the necessary permissions to manage public access keys. This can help in maintaining security by ensuring only authorized individuals can handle sensitive keys.

select
allow_user_to_manage_public_keys
from
alicloud_ram_security_preference;
select
allow_user_to_manage_public_keys
from
alicloud_ram_security_preference;

Get the log on session duration of User

Analyze the duration of user login sessions to understand their activity patterns and potential security risks.

select
login_session_duration
from
alicloud_ram_security_preference;
select
login_session_duration
from
alicloud_ram_security_preference;

Schema for alicloud_ram_security_preference

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
allow_user_to_change_passwordbooleanIndicates whether RAM users can change their passwords.
allow_user_to_manage_access_keysbooleanIndicates whether RAM users can manage their AccessKey pairs.
allow_user_to_manage_mfa_devicesbooleanIndicates whether RAM users can manage their MFA devices.
allow_user_to_manage_public_keysbooleanIndicates whether RAM users can manage their public keys.
enable_save_mfa_ticketbooleanIndicates whether RAM users can save security codes for multi-factor authentication (MFA) during logon. Each security code is valid for seven days.
login_network_masksjsonbThe subnet mask that indicates the IP addresses from which logon to the Alibaba Cloud Management Console is allowed. This parameter applies to password-based logon and single sign-on (SSO). However, this parameter does not apply to API calls that are authenticated based on AccessKey pairs. May be more than one CIDR range. If empty then login is allowed from any source.
login_session_durationbigintThe validity period of a logon session of a RAM user. Unit: hours.
regiontextThe Alicloud region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_ram_security_preference