v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub

Control: 1.1 Avoid the use of the 'root' account

Description

An Alibaba Cloud account can be viewed as a “root” account. The "root" account has full control permissions to all cloud products and resources under such account. It is highly recommended that the use of this account should be avoided.

Remediation

All users should operate resources at the RAM user level and follow the principle of least privilege. Follow the remediation instructions of the Ensure RAM policies are attached only to groups or roles recommendation. For more information about RAM user, see terms of RAM user.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_1 --share

SQL

This control uses a named query:

ram_root_account_unused

Tags

category = Compliance
cis = true
cis_item_id = 1.1
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/RAM