turbot/alicloud_insights

Query: ram_role_with_cross_account_access

Usage

powerpipe query alicloud_insights.query.ram_role_with_cross_account_access

Steampipe Tables

SQL

with roles_with_cross_account_access as (
select
distinct name as name
from
alicloud_ram_role,
jsonb_array_elements(assume_role_policy_document -> 'Statement') as stmt,
jsonb_array_elements_text(stmt -> 'Principal' -> 'RAM') as principal
where
split_part(principal, ':',4) <> account_id
)
select
case when a.name is not null then 'Enabled' else 'Disabled' end as value,
'Cross-Account Access' as label,
case when a.name is not null then 'alert' else 'ok' end as type
from
alicloud_ram_role as r
left join roles_with_cross_account_access as a on r.name = a.name
where
r.arn = $1
and r.account_id = split_part($1,':',4);

Dashboards

The query is used in the dashboards: