alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch
Table: alicloud_ram_user
Alibaba Cloud RAM users can login to the console or use access keys programmatically.
Examples
Basic user info
select user_id, name, display_namefrom alicloud_ram_user;
Users who have not logged in for 30 days
select name, last_login_datefrom alicloud_ram_userwhere last_login_date < current_date - interval '30 days';
Users who have never logged in
select name, last_login_datefrom alicloud_ram_userwhere last_login_date is null;
Groups details to which the RAM user belongs
select name as user_name, iam_group ->> 'GroupName' as group_name, iam_group ->> 'JoinDate' as join_datefrom alicloud_ram_user, jsonb_array_elements(groups) as iam_group;
List all the users having Administrator access
select name as user_name, policies ->> 'PolicyName' as policy_name, policies ->> 'PolicyType' as policy_type, policies ->> 'DefaultVersion' as policy_default_version, policies ->> 'AttachDate' as policy_attachment_datefrom alicloud_ram_user, jsonb_array_elements(attached_policy) as policieswhere policies ->> 'PolicyName' = 'AdministratorAccess';
List all the users for whom MFA is not enabled
select name as user_name, user_id as user_id, mfa_enabledfrom alicloud_ram_userwhere not mfa_enabled;
List users with Container Service for Kubernetes role-based access control (RBAC) permissions
select name as user_name, user_id as user_idfrom alicloud_ram_userwhere cs_user_permission <> '[]';
Query examples
- ram_all_policies_for_user
- ram_groups_for_ram_user
- ram_groups_for_user
- ram_policies_for_ram_user
- ram_user_1_year_count
- ram_user_24_hours_count
- ram_user_30_90_days_count
- ram_user_30_days_count
- ram_user_90_365_days_count
- ram_user_age_table
- ram_user_by_creation_month
- ram_user_count
- ram_user_direct_attached_policy_count_for_user
- ram_user_input
- ram_user_manage_policies_sankey
- ram_user_mfa_devices
- ram_user_mfa_for_user
- ram_user_mfa_table
- ram_user_no_mfa_count
- ram_user_overview
- ram_users_by_account
- ram_users_for_ram_group
- ram_users_for_ram_policy
- ram_users_with_direct_attached_policy
- ram_users_with_direct_policy_count
.inspect alicloud_ram_user
Resource Access Management users who can login via the console or access keys.
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The Alicloud Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The Alibaba Cloud Resource Name (ARN) of the RAM user. |
attached_policy | jsonb | A list of policies attached to a RAM user. |
comments | text | The description of the RAM user. |
create_date | timestamp with time zone | The time when the RAM user was created. |
cs_user_permissions | jsonb | User permissions for Container Service Kubernetes clusters. |
display_name | text | The display name of the RAM user. |
text | The email address of the RAM user. | |
groups | jsonb | A list of groups attached to the user. |
last_login_date | timestamp with time zone | The time when the RAM user last logged on to the console by using the password. |
mfa_device_serial_number | text | The serial number of the MFA device. |
mfa_enabled | boolean | The MFA status of the user |
mobile_phone | text | The mobile phone number of the RAM user. |
name | text | The username of the RAM user. |
region | text | The Alicloud region in which the resource is located. |
title | text | Title of the resource. |
update_date | timestamp with time zone | The time when the RAM user was modified. |
user_id | text | The unique ID of the RAM user. |
virtual_mfa_devices | jsonb | The list of MFA devices. |