Control: 1.5 Ensure users not logged on for 90 days or longer are disabled for console logon


Alibaba Cloud RAM users can logon to Alibaba Cloud console by using their user name and password. If a user has not logged on for 90 days or longer, it is recommended to disable the console access of the user.


Perform the following to disable console logon for a user:

From Console

  1. Logon to RAM console.
  2. Choose Identities > Users.
  3. In the User Logon Name/Display Name column, click the username of the target RAM user.
  4. In the Console Logon Management section, click Modify Logon Settings.
  5. In the Console Password Logon section, select Disabled.
  6. Click OK.

From Command Line

aliyun ram DeleteLoginProfile --UserName <ram_user>


Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_5 --share


This control uses a named query: