Table: ibm_iam_account_settings - Query IBM IAM Account Settings using SQL
IBM Identity and Access Management (IAM) is a service that helps users to securely manage their IBM Cloud resources. It offers features to control who can access the resources, which actions they can perform, and how they manage these permissions. IBM IAM Account Settings are a part of this service, containing the configuration details of the user's IBM Cloud account.
Table Usage Guide
The ibm_iam_account_settings table provides insights into the IBM IAM Account Settings within IBM Identity and Access Management (IAM). As a cloud administrator, you can explore account-specific details through this table, including the account's API key, session duration, and associated metadata. It can be utilized to uncover information about the account's settings, such as the account's MFA status, the password settings, and the account's access groups.
Examples
Basic info
Explore which IBM account settings have restrictions on creating service IDs and platform API keys. This can be useful in maintaining security by understanding where creation of these elements is limited and which IP addresses are permitted.
select
  account_id,
  restrict_create_service_id,
  restrict_create_platform_api_key,
  allowed_ip_addresses
from
  ibm_iam_account_settings;
Control examples
- CIS v1.0.0 > 1 IAM > 1.4 Restrict user API key creation and service ID creation in the account via IAM roles
- CIS v1.0.0 > 1 IAM > 1.7 Ensure multi-factor authentication (MFA) is enabled for all users in account
- CIS v1.0.0 > 1 IAM > 1.8 Ensure multi-factor authentication (MFA) is enabled for the account owner
- CIS v1.0.0 > 1 IAM > 1.9 Ensure multi-factor authentication (MFA) is enabled at the account level
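The query below is an added example, not taken from the Steampipe plugin documentation or its compliance mod. It shows how the columns in this table can be evaluated against CIS 1.4 and 1.9 from the list above. The value literals ('RESTRICTED', 'NONE', 'NONE_NO_ROPC') are assumptions based on the IBM IAM account settings API; confirm them against the values your account returns.

```sql
-- Added example: value literals are assumptions, not documented on this page.
select
  account_id,
  -- CIS 1.4: both service ID and platform API key creation must be access controlled.
  -- A NULL or any other value (for example an unset setting) falls through to 'alarm'.
  case
    when restrict_create_service_id = 'RESTRICTED'
      and restrict_create_platform_api_key = 'RESTRICTED' then 'ok'
    else 'alarm'
  end as cis_1_4_status,
  restrict_create_service_id,
  restrict_create_platform_api_key,
  -- CIS 1.9: an account-level MFA trait must be set.
  case
    when mfa is null or mfa in ('', 'NONE', 'NONE_NO_ROPC') then 'alarm'
    else 'ok'
  end as cis_1_9_status,
  mfa,
  -- An empty allow list means IAM tokens can be created from any address.
  case
    when coalesce(allowed_ip_addresses, '') = '' then 'any address'
    else allowed_ip_addresses
  end as token_source_restriction,
  -- The column is text; cast only when it holds digits so a non-numeric
  -- value yields NULL instead of a cast error.
  case
    when session_expiration_in_seconds ~ '^[0-9]+$'
      then session_expiration_in_seconds::int
  end as session_expiration_seconds
from
  ibm_iam_account_settings
order by
  account_id;
```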
Schema for ibm_iam_account_settings
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | | A unique ID of the account. |
allowed_ip_addresses | text | | The IP addresses and subnets from which IAM tokens can be created for the account. |
entity_tag | text | | Version of the account settings. |
history | jsonb | | History of the Account Settings. |
mfa | text | | Defines the MFA trait for the account. |
restrict_create_platform_api_key | text | | Indicates whether creating a platform API key is access controlled, or not. |
restrict_create_service_id | text | | |
session_expiration_in_seconds | text | | Defines the session expiration in seconds for the account. |
session_invalidation_in_seconds | text | | Defines the period of time in seconds in which a session will be invalidated due to inactivity. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config argument:
steampipe_export_ibm --config '<your_config>' ibm_iam_account_settings