turbot/alicloud

steampipe plugin install alicloud

Table: alicloud_ram_user

Alibaba Cloud RAM users can log in to the console or use access keys programmatically.

Examples

Basic user info

select
  user_id,
  name,
  display_name
from
  alicloud_ram_user;

Users who have not logged in for 30 days

select
  name,
  last_login_date
from
  alicloud_ram_user
where
  last_login_date < current_date - interval '30 days';

Users who have never logged in

select
  name,
  last_login_date
from
  alicloud_ram_user
where
  last_login_date is null;

Details of the groups to which the RAM user belongs

select
  name as user_name,
  iam_group ->> 'GroupName' as group_name,
  iam_group ->> 'JoinDate' as join_date
from
  alicloud_ram_user,
  jsonb_array_elements(groups) as iam_group;

List all the users having Administrator access

select
  name as user_name,
  policies ->> 'PolicyName' as policy_name,
  policies ->> 'PolicyType' as policy_type,
  policies ->> 'DefaultVersion' as policy_default_version,
  policies ->> 'AttachDate' as policy_attachment_date
from
  alicloud_ram_user,
  jsonb_array_elements(attached_policy) as policies
where
  policies ->> 'PolicyName' = 'AdministratorAccess';

List all the users for whom MFA is not enabled

select
  name as user_name,
  user_id as user_id,
  mfa_enabled
from
  alicloud_ram_user
where
  not mfa_enabled;

List users with Container Service for Kubernetes role-based access control (RBAC) permissions

select
  name as user_name,
  user_id as user_id
from
  alicloud_ram_user
where
  cs_user_permissions <> '[]';
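
The administrator, MFA and last-login checks above can be combined into one review of privileged accounts; the query below is an added example, not part of the plugin's own documentation, and uses only columns listed for this table. The console_activity labels are constructed for illustration, and the query assumes attached_policy holds only policies attached directly to the user, so access granted through groups needs a separate check.

```sql
-- Added example: RAM users holding AdministratorAccess, with their
-- MFA status and console sign-in activity, riskiest rows first.
with admin_users as (
  select distinct
    u.user_id,
    u.name,
    u.create_date,
    u.mfa_enabled,
    u.last_login_date
  from
    alicloud_ram_user as u,
    jsonb_array_elements(u.attached_policy) as p
  where
    p ->> 'PolicyName' = 'AdministratorAccess'
)
select
  name as user_name,
  user_id,
  create_date,
  coalesce(mfa_enabled, false) as mfa_enabled,
  last_login_date,
  case
    -- last_login_date records console password logins only, so a
    -- null here does not rule out access-key use.
    when last_login_date is null then 'never logged in'
    when last_login_date < current_date - interval '30 days'
      then 'no login for 30+ days'
    else 'active'
  end as console_activity
from
  admin_users
order by
  coalesce(mfa_enabled, false),      -- accounts without MFA first
  last_login_date nulls first;       -- then unused and stale accounts
```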

.inspect alicloud_ram_user

Resource Access Management users who can log in via the console or access keys.

| Name | Type | Description |
| --- | --- | --- |
| account_id | text | The Alicloud Account ID in which the resource is located. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| attached_policy | jsonb | A list of policies attached to a RAM user. |
| comments | text | The description of the RAM user. |
| create_date | timestamp without time zone | The time when the RAM user was created. |
| cs_user_permissions | jsonb | User permissions for Container Service Kubernetes clusters. |
| display_name | text | The display name of the RAM user. |
| email | text | The email address of the RAM user. |
| groups | jsonb | A list of groups attached to the user. |
| last_login_date | timestamp without time zone | The time when the RAM user last logged on to the console by using the password. |
| mfa_device_serial_number | text | The serial number of the MFA device. |
| mfa_enabled | boolean | The MFA status of the user. |
| mobile_phone | text | The mobile phone number of the RAM user. |
| name | text | The username of the RAM user. |
| region | text | The Alicloud region in which the resource is located. |
| title | text | Title of the resource. |
| update_date | timestamp without time zone | The time when the RAM user was modified. |
| user_id | text | The unique ID of the RAM user. |