turbot/alicloud

steampipe plugin install alicloud

Table: alicloud_ram_user

Alibaba Cloud RAM users can log in to the console or use access keys programmatically.

Examples

Basic user info

select
  user_id,
  name,
  display_name
from
  alicloud_ram_user;

Users who have not logged in for 30 days

select
  name,
  last_login_date
from
  alicloud_ram_user
where
  last_login_date < current_date - interval '30 days';

Users who have never logged in

select
  name,
  last_login_date
from
  alicloud_ram_user
where
  last_login_date is null;

Details of the groups to which the RAM user belongs

select
  name as user_name,
  iam_group ->> 'GroupName' as group_name,
  iam_group ->> 'JoinDate' as join_date
from
  alicloud_ram_user,
  jsonb_array_elements(groups) as iam_group;

List all the users having Administrator access

select
  name as user_name,
  policies ->> 'PolicyName' as policy_name,
  policies ->> 'PolicyType' as policy_type,
  policies ->> 'DefaultVersion' as policy_default_version,
  policies ->> 'AttachDate' as policy_attachment_date
from
  alicloud_ram_user,
  jsonb_array_elements(attached_policy) as policies
where
  policies ->> 'PolicyName' = 'AdministratorAccess';

List all the users for whom MFA is not enabled

select
  name as user_name,
  user_id as user_id,
  mfa_enabled
from
  alicloud_ram_user
where
  not mfa_enabled;

List users with Container Service for Kubernetes role-based access control (RBAC) permissions

select
  name as user_name,
  user_id as user_id
from
  alicloud_ram_user
where
  cs_user_permissions <> '[]';
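
Administrator users that need review (added example, not part of the plugin's own documentation)

This query combines the AdministratorAccess, MFA and last-login checks above into one triage list with a flag per finding. It uses only columns from this table's schema and reuses the 30-day threshold from the earlier example as an assumed cut-off.

```sql
-- Added example: RAM users with AdministratorAccess attached who also
-- lack MFA, have never logged in to the console, or have not logged in
-- for 30 days (threshold assumed; adjust to your own policy).
with admin_users as (
  select
    u.name as user_name,
    u.user_id,
    -- Treat a missing MFA status as "not enabled" so the row is not lost.
    coalesce(u.mfa_enabled, false) as mfa_enabled,
    u.last_login_date,
    p ->> 'PolicyType' as policy_type,
    p ->> 'AttachDate' as policy_attachment_date
  from
    alicloud_ram_user as u,
    jsonb_array_elements(u.attached_policy) as p
  where
    p ->> 'PolicyName' = 'AdministratorAccess'
)
select
  user_name,
  user_id,
  policy_type,
  policy_attachment_date,
  last_login_date,
  not mfa_enabled as missing_mfa,
  -- last_login_date records console password logins only, so a user that
  -- works purely through access keys also shows up as never logged in.
  last_login_date is null as never_logged_in,
  coalesce(
    last_login_date < current_date - interval '30 days',
    false
  ) as stale_login
from
  admin_users
where
  not mfa_enabled
  or last_login_date is null
  or last_login_date < current_date - interval '30 days'
order by
  missing_mfa desc,
  user_name;
```

The attached_policy column is described as the policies attached to the RAM user, so administrator rights granted through a group may not appear here; review the groups listed for each user separately.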

Query examples

.inspect alicloud_ram_user

Resource Access Management users who can log in via the console or access keys.

| Name | Type | Description |
| --- | --- | --- |
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | The Alicloud Account ID in which the resource is located. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | The Alibaba Cloud Resource Name (ARN) of the RAM user. |
| attached_policy | jsonb | A list of policies attached to a RAM user. |
| comments | text | The description of the RAM user. |
| create_date | timestamp with time zone | The time when the RAM user was created. |
| cs_user_permissions | jsonb | User permissions for Container Service Kubernetes clusters. |
| display_name | text | The display name of the RAM user. |
| email | text | The email address of the RAM user. |
| groups | jsonb | A list of groups attached to the user. |
| last_login_date | timestamp with time zone | The time when the RAM user last logged on to the console by using the password. |
| mfa_device_serial_number | text | The serial number of the MFA device. |
| mfa_enabled | boolean | The MFA status of the user. |
| mobile_phone | text | The mobile phone number of the RAM user. |
| name | text | The username of the RAM user. |
| region | text | The Alicloud region in which the resource is located. |
| title | text | Title of the resource. |
| update_date | timestamp with time zone | The time when the RAM user was modified. |
| user_id | text | The unique ID of the RAM user. |
| virtual_mfa_devices | jsonb | The list of MFA devices. |