action_trail_enabledaction_trail_oss_bucket_not_publiccs_kubernetes_cluster_ipvlan_enabledcs_kubernetes_cluster_network_policy_enabledecs_disk_encryption_enabledecs_instance_with_no_legacy_networkecs_security_group_remote_administrationecs_security_group_restrict_ingress_rdp_allecs_security_group_restrict_ingress_ssh_allecs_unattached_disk_encryption_enabledmanual_controloss_bucket_encrypted_with_byokoss_bucket_encrypted_with_servcie_keyoss_bucket_enforces_ssloss_bucket_logging_enabledoss_bucket_public_access_blockedram_account_password_policy_min_length_14ram_account_password_policy_one_lowercase_letterram_account_password_policy_one_numberram_account_password_policy_one_symbolram_account_password_policy_one_uppercase_letterram_account_password_policy_reuse_5ram_password_policy_expire_90ram_password_policy_max_login_attempts_5ram_root_account_mfa_enabledram_root_account_no_access_keysram_root_account_unusedram_user_access_key_rotated_90ram_user_console_access_mfa_enabledram_user_no_policiesram_user_unused_90rds_instance_postgresql_log_connections_parameter_onrds_instance_postgresql_log_disconnections_parameter_onrds_instance_postgresql_log_duration_parameter_onrds_instance_restrict_access_to_internetrds_instance_sql_audit_enabledrds_instance_sql_audit_retention_period_180_daysrds_instance_ssl_enabledrds_instance_tde_enabledsecurity_center_advanced_or_enterprise_edition
Queries in Alibaba Cloud Compliance
The Alibaba Cloud Compliance mod includes 40 queries:
- action_trail_enabled
- action_trail_oss_bucket_not_public
- cs_kubernetes_cluster_ipvlan_enabled
- cs_kubernetes_cluster_network_policy_enabled
- ecs_disk_encryption_enabled
- ecs_instance_with_no_legacy_network
- ecs_security_group_remote_administration
- ecs_security_group_restrict_ingress_rdp_all
- ecs_security_group_restrict_ingress_ssh_all
- ecs_unattached_disk_encryption_enabled
- manual_control
- oss_bucket_encrypted_with_byok
- oss_bucket_encrypted_with_servcie_key
- oss_bucket_enforces_ssl
- oss_bucket_logging_enabled
- oss_bucket_public_access_blocked
- ram_account_password_policy_min_length_14
- ram_account_password_policy_one_lowercase_letter
- ram_account_password_policy_one_number
- ram_account_password_policy_one_symbol
- ram_account_password_policy_one_uppercase_letter
- ram_account_password_policy_reuse_5
- ram_password_policy_expire_90
- ram_password_policy_max_login_attempts_5
- ram_root_account_mfa_enabled
- ram_root_account_no_access_keys
- ram_root_account_unused
- ram_user_access_key_rotated_90
- ram_user_console_access_mfa_enabled
- ram_user_no_policies
- ram_user_unused_90
- rds_instance_postgresql_log_connections_parameter_on
- rds_instance_postgresql_log_disconnections_parameter_on
- rds_instance_postgresql_log_duration_parameter_on
- rds_instance_restrict_access_to_internet
- rds_instance_sql_audit_enabled
- rds_instance_sql_audit_retention_period_180_days
- rds_instance_ssl_enabled
- rds_instance_tde_enabled
- security_center_advanced_or_enterprise_edition