turbot/steampipe-mod-alicloud-compliance

Control: 1.1 Avoid the use of the 'root' account

Description

An Alibaba Cloud account can be viewed as a "root" account. The "root" account has full control permissions to all cloud products and resources under that account. It is highly recommended that the use of this account be avoided.

Remediation

All users should operate resources at the RAM user level and follow the principle of least privilege. Follow the remediation instructions of the "Ensure RAM policies are attached only to groups or roles" recommendation. For more information about RAM users, see the RAM user terms.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_1 --share

SQL

This control uses a named query:

select
  'acs:ram::' || account_id || ':user/' || user_name as resource,
  case
    when user_last_logon is null then 'ok'
    else 'alarm'
  end as status,
  case
    when user_last_logon is null then 'Root account not used.'
    else 'Root account last used ' || extract(day from current_date - user_last_logon) || ' days ago.'
  end as reason,
  account_id as account_id
from
  alicloud_ram_credential_report
where
  user_name = '<root>';
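The query above only produces a result when the credential report contains a row for the `<root>` user, and it reports `ok` solely on the basis of `user_last_logon` being null. The following Python function re-implements that exact decision logic over a constructed, in-memory stand-in for `alicloud_ram_credential_report`, so the control's behaviour can be examined without a live Alibaba Cloud account. This is an added illustration, not code from the steampipe-mod-alicloud-compliance project; the sample rows, the account ids and the `evaluate_root_usage` function name are assumptions made for the example.

```python
from datetime import date, datetime, timezone

# Constructed sample rows standing in for the alicloud_ram_credential_report
# table. Column names follow the control's query; all values are made up.
SAMPLE_REPORT = [
    # Account where the root account was used recently: expected 'alarm'.
    {"account_id": "111111111111", "user_name": "<root>",
     "user_last_logon": datetime(2024, 5, 1, 8, 30, tzinfo=timezone.utc)},
    # Ordinary RAM user in the same account: ignored by the control.
    {"account_id": "111111111111", "user_name": "alice",
     "user_last_logon": datetime(2024, 5, 20, 9, 0, tzinfo=timezone.utc)},
    # Account where the root account has never logged on: expected 'ok'.
    {"account_id": "222222222222", "user_name": "<root>",
     "user_last_logon": None},
]


def evaluate_root_usage(rows, today):
    """Mirror the control's SQL: one result per '<root>' row.

    status is 'ok' when user_last_logon is null, otherwise 'alarm', and the
    reason mirrors the query's text, including the day count computed from
    `today` (the SQL uses current_date). Accounts with no '<root>' row in the
    report produce no result at all, exactly as the WHERE clause does.
    """
    results = []
    for row in rows:
        if row["user_name"] != "<root>":
            continue
        resource = f"acs:ram::{row['account_id']}:user/{row['user_name']}"
        last_logon = row["user_last_logon"]
        if last_logon is None:
            status, reason = "ok", "Root account not used."
        else:
            # extract(day from current_date - user_last_logon) in PostgreSQL
            # yields whole days between the two; date arithmetic does the same.
            days = (today - last_logon.date()).days
            status, reason = "alarm", f"Root account last used {days} days ago."
        results.append({
            "resource": resource,
            "status": status,
            "reason": reason,
            "account_id": row["account_id"],
        })
    return results


if __name__ == "__main__":
    # Pin the evaluation date so the output is reproducible (constructed date).
    for result in evaluate_root_usage(SAMPLE_REPORT, date(2024, 5, 31)):
        print(result["status"], result["resource"], "-", result["reason"])
```

Note that the evaluation date is passed in explicitly: in the real control, `current_date` is taken from the Steampipe database session, so the reported day count shifts as time passes even if the report does not change.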

Tags