turbot/alicloud_compliance

Control: 1.1 Avoid the use of the 'root' account

Description

An Alibaba Cloud account can be viewed as a “root” account. The "root" account has full control permissions to all cloud products and resources under such account. It is highly recommended that the use of this account should be avoided.

Remediation

All users should operate resources at the RAM user level and follow the principle of least privilege. Follow the remediation instructions of the Ensure RAM policies are attached only to groups or roles recommendation. For more information about RAM user, see terms of RAM user.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_1 --share

SQL

This control uses a named query:

ram_root_account_unused

Tags