Control: 1.5 Ensure users not logged on for 90 days or longer are disabled for console logon
Description
Alibaba Cloud RAM users can log on to the Alibaba Cloud console by using their user name and password. If a user has not logged on for 90 days or longer, it is recommended to disable the console access of the user.
Remediation
Perform the following to disable console logon for a user:
From Console
- Log on to the RAM console.
- Choose Identities > Users.
- In the User Logon Name/Display Name column, click the username of the target RAM user.
- In the Console Logon Management section, click Modify Logon Settings.
- In the Console Password Logon section, select Disabled.
- Click OK.
From Command Line
aliyun ram DeleteLoginProfile --UserName <ram_user>
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_1_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_5 --share
SQL
This control uses a named query:
ram_user_unused_90
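
The 90-day rule this control checks, written out as an added Python example over constructed user records; it is not the mod's ram_user_unused_90 query. The record fields are modelled on the RAM GetUser response (UserName, LastLoginDate), HasLoginProfile is a hypothetical flag for whether console logon is enabled, and flagging users who have never logged on is an assumption of this example.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=90)

# Constructed sample records. Field names are modelled on the RAM GetUser
# response (UserName, LastLoginDate); HasLoginProfile is a hypothetical flag
# meaning the user currently has console logon enabled.
SAMPLE_USERS = [
    {"UserName": "alice", "HasLoginProfile": True, "LastLoginDate": "2024-05-20T08:15:00Z"},
    {"UserName": "bob", "HasLoginProfile": True, "LastLoginDate": "2023-11-02T17:40:00Z"},
    {"UserName": "ci-deploy", "HasLoginProfile": False, "LastLoginDate": ""},
    {"UserName": "carol", "HasLoginProfile": True, "LastLoginDate": ""},
    {"UserName": "dave", "HasLoginProfile": True, "LastLoginDate": "2024-03-03T00:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-20T08:15:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(user, now):
    """Return (status, reason) for one user record."""
    name = user["UserName"]
    if not user.get("HasLoginProfile"):
        return "skip", f"{name} has no console logon enabled"
    last = user.get("LastLoginDate")
    if not last:
        # Assumption: console access that has never been used is reported too.
        return "alarm", f"{name} has console logon enabled but has never logged on"
    idle = now - parse_ts(last)
    if idle >= THRESHOLD:  # "90 days or longer" includes exactly 90 days
        return "alarm", f"{name} last logged on {idle.days} days ago"
    return "ok", f"{name} last logged on {idle.days} days ago"


def users_to_disable(users, now):
    """Names of users whose console logon should be disabled."""
    return [u["UserName"] for u in users if evaluate(u, now)[0] == "alarm"]


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the output is reproducible
    for u in SAMPLE_USERS:
        print(*evaluate(u, now), sep=": ")
    for name in users_to_disable(SAMPLE_USERS, now):
        print(f"aliyun ram DeleteLoginProfile --UserName {name}")
```

The script only prints the remediation command from this page for each flagged user; it does not call the RAM API.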