Table: ibm_iam_access_group - Query IBM Cloud IAM Access Groups using SQL
IBM Cloud Identity and Access Management (IAM) Access Groups are collections of users and service IDs, where access policies can be applied to grant or restrict access to resources in the IBM Cloud. Access Groups simplify the task of managing access to resources by allowing you to assign policies to groups, rather than individual users or service IDs. This grouping mechanism helps in ensuring proper access management across your IBM Cloud resources.
Table Usage Guide
The ibm_iam_access_group table provides insights into IAM access groups within IBM Cloud Identity and Access Management (IAM). As a security administrator, you can explore group-specific details through this table, including group metadata, associated policies, and access details. Utilize it to uncover information about groups, such as those with specific access policies, the users and service IDs associated with each group, and the verification of access rights.
Examples
Basic info
Explore the fundamental details of your IBM IAM access groups to better understand their creation timeline and federation status. This can aid in managing access control and understanding the group's history.
select name, id, is_federated, href, created_by_id, created_at from ibm_iam_access_group;
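A review query built on the columns in this table's schema, added here as an example and not part of the original documentation: it lists groups that have rules (is_federated), lack a description, or were created or modified recently. The 30-day window and the review_reason column are assumptions chosen for illustration.

```sql
-- Added review query; every column comes from the ibm_iam_access_group schema.
-- The 30-day window and the review_reason labels are illustrative choices.
select
  name,
  id,
  account_id,
  is_federated,
  created_by_id,
  created_at,
  last_modified_at,
  -- concat_ws skips NULLs, so only the reasons that apply are listed
  concat_ws(
    ', ',
    case when is_federated then 'rules exist (is_federated)' end,
    case when coalesce(trim(description), '') = '' then 'no description' end,
    case when created_at > now() - interval '30 days' then 'created in last 30 days' end,
    case when last_modified_at > now() - interval '30 days' then 'modified in last 30 days' end
  ) as review_reason
from
  ibm_iam_access_group
where
  is_federated
  or coalesce(trim(description), '') = ''
  or created_at > now() - interval '30 days'
  or last_modified_at > now() - interval '30 days'
order by
  last_modified_at desc nulls last;
```

Compare created_by_id against the identities expected to manage access groups in the account; an unfamiliar creator on a recently created group is the first row to follow up on.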
Control examples
- CIS v1.0.0 > 1 IAM > 1.13 Ensure a support access group has been created to manage incidents with IBM Support
- CIS v1.0.0 > 1 IAM > 1.16 Ensure IAM does not allow public access to Cloud Object Storage
- CIS v1.0.0 > 2 Storage > 2.1 Cloud Object Storage > 2.1.5 Disable public (anonymous) access to IBM Cloud Object Storage buckets
Schema for ibm_iam_access_group
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | | ID of the account that this group belongs to. |
created_at | timestamp with time zone | | The timestamp the group was created at. |
created_by_id | text | | The iam_id of the entity that created the group. |
description | text | | The description of the IAM access group. |
href | text | | A URL to the given group resource. |
id | text | = | The ID of the IAM access group. |
is_federated | boolean | | This is set to true if rules exist for the group. |
last_modified_at | timestamp with time zone | | Specifies the date and time the group was last modified. |
name | text | | Name of the access group. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config argument:
steampipe_export_ibm --config '<your_config>' ibm_iam_access_group