turbot/steampipe-mod-alicloud-compliance

Control: 1.2 Ensure no root account access key exists

Description

Access keys provide programmatic access to a given Alibaba Cloud account. It is recommended that all access keys associated with the root account be removed.

Remediation

From Console

Perform the following to delete or disable active root access keys:

  1. Log on to the RAM console by using your Alibaba Cloud account (root account).
  2. Move the pointer over the account icon in the upper-right corner and click AccessKey.
  3. Click Continue to manage AccessKey.
  4. On the Security Management page, find the target access keys and perform the following operations:
    • Click Disable to disable the target access keys temporarily.
    • Click Delete to delete the target access keys permanently.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_2 --share

SQL

This control uses a named query:

select
  'acs:ram::' || account_id || ':user/' || user_name as resource,
  case
    when access_key_1_active or access_key_2_active then 'alarm'
    else 'ok'
  end as status,
  case
    when access_key_1_active or access_key_2_active then 'Root account access key exists.'
    else 'No root account access keys exist.'
  end as reason,
  account_id as account_id
from
  alicloud_ram_credential_report
where
  user_name = '<root>';
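The following is an added example, not code from the mod: it runs the query above against a constructed credential report to show which rows the control evaluates and what it returns. It assumes an in-memory SQLite table as a stand-in for Steampipe's alicloud_ram_credential_report, modelling only the four columns the query reads; the account IDs and the RAM user name ci-deploy are constructed.

```python
import sqlite3

# The control's query as shown above.
CONTROL_QUERY = """
select
  'acs:ram::' || account_id || ':user/' || user_name as resource,
  case
    when access_key_1_active or access_key_2_active then 'alarm'
    else 'ok'
  end as status,
  case
    when access_key_1_active or access_key_2_active then 'Root account access key exists.'
    else 'No root account access keys exist.'
  end as reason,
  account_id as account_id
from
  alicloud_ram_credential_report
where
  user_name = '<root>';
"""

# Constructed rows: (account_id, user_name, access_key_1_active, access_key_2_active)
SAMPLE_ROWS = [
    ("1000000000000001", "<root>", 1, 0),     # root, first key active
    ("1000000000000001", "ci-deploy", 1, 0),  # RAM user, outside this control's scope
    ("1000000000000002", "<root>", 0, 1),     # root, only the second key active
    ("1000000000000003", "<root>", 0, 0),     # root, no active key (deleted or disabled)
]

def evaluate_control(rows):
    """Run the control query over the rows; return {account_id: (resource, status, reason)}."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table alicloud_ram_credential_report ("
        "account_id text, user_name text, "
        "access_key_1_active boolean, access_key_2_active boolean)"
    )
    db.executemany("insert into alicloud_ram_credential_report values (?, ?, ?, ?)", rows)
    found = {r[3]: (r[0], r[1], r[2]) for r in db.execute(CONTROL_QUERY)}
    db.close()
    return found

if __name__ == "__main__":
    for account, (resource, status, reason) in evaluate_control(SAMPLE_ROWS).items():
        print(f"{status:5} {resource}  {reason}")
```

Because the query tests the *_active columns, a root key that has been disabled but not deleted evaluates to ok, which matches the Disable option in the remediation steps.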

Tags