steampipe plugin install ibm

Table: ibm_iam_account_settings - Query IBM IAM Account Settings using SQL

IBM Identity and Access Management (IAM) is a service that helps users to securely manage their IBM Cloud resources. It offers features to control who can access the resources, which actions they can perform, and how they manage these permissions. IBM IAM Account Settings are a part of this service, containing the configuration details of the user's IBM Cloud account.

Table Usage Guide

The ibm_iam_account_settings table provides insights into the IBM IAM Account Settings within IBM Identity and Access Management (IAM). As a cloud administrator, you can explore account-specific details through this table, including the account's API key, session duration, and associated metadata. It can be utilized to uncover information about the account's settings, such as the account's MFA status, the password settings, and the account's access groups.

Examples

Basic info

Explore which IBM account settings have restrictions on creating service IDs and platform API keys. This can be useful in maintaining security by understanding where creation of these elements is limited and which IP addresses are permitted.

select
account_id,
restrict_create_service_id,
restrict_create_platform_api_key,
allowed_ip_addresses
from
ibm_iam_account_settings;
select
account_id,
restrict_create_service_id,
restrict_create_platform_api_key,
allowed_ip_addresses
from
ibm_iam_account_settings;

Query examples

Schema for ibm_iam_account_settings

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The ID fof the account.
allowed_ip_addressestextThe IP addresses and subnets from which IAM tokens can be created for the account.
entity_tagtextVersion of the account settings.
historyjsonbHistory of the Account Settings.
mfatextDefines the MFA trait for the account.
restrict_create_platform_api_keytextIndicates whether creating a platform API key is access controlled, or not.
restrict_create_service_idtext
session_expiration_in_secondstextDefines the session expiration in seconds for the account.
session_invalidation_in_secondstextDefines the period of time in seconds in which a session will be invalidated due to inactivity.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_account_settings