turbot/steampipe-mod-alicloud-compliance

Control: 1.2 Ensure no root account access key exists

Description

Access keys provide programmatic access to a given Alibaba Cloud account. It is recommended that all access keys associated with the root account be removed.

Remediation

Perform the following to delete or disable active root access keys:

Using the management console:

  1. Log on to the RAM console by using your Alibaba Cloud account (root account).
  2. Move the pointer over the account icon in the upper-right corner and click AccessKey.
  3. Click Continue to manage AccessKey.
  4. On the Security Management page, find the target access keys and perform the following operations:
    • Click Disable to disable the target access keys temporarily.
    • Click Delete to delete the target access keys permanently.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_1_2 --share

SQL

This control uses a named query:

select
  'acs:ram::' || account_id || ':user/' || user_name as resource,
  case
    when access_key_1_active or access_key_2_active then 'alarm'
    else 'ok'
  end as status,
  case
    when access_key_1_active or access_key_2_active then 'Root account access key exists.'
    else 'No root account access keys exist.'
  end as reason,
  account_id as account_id
from
  alicloud_ram_credential_report
where
  user_name = '<root>';
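
The same decision logic applied offline to a credential report export, as an added example that is not part of the mod's own code. The CSV is constructed, its column names are assumed to match the query above, and the error status for an account with no <root> row is an addition of this example (the SQL returns no row in that case).

```python
import csv
import io

ROOT_USER = "<root>"  # user_name value the control's query filters on

# Constructed sample export: column names follow the query on this page,
# account IDs and values are invented for illustration.
SAMPLE_REPORT = """\
account_id,user_name,access_key_1_active,access_key_2_active
1000000000000001,<root>,true,false
1000000000000001,alice,true,false
1000000000000002,<root>,false,false
1000000000000003,bob,false,false
"""


def _active(value):
    """Only an explicit 'true' counts as active; blanks and N/A do not."""
    return (value or "").strip().lower() == "true"


def evaluate_root_keys(report_csv, expected_accounts):
    """Return one result row per expected account, shaped like the query output."""
    roots = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user_name"] == ROOT_USER:
            roots[row["account_id"]] = row

    results = []
    for account_id in expected_accounts:
        row = roots.get(account_id)
        if row is None:
            # Assumption of this example: a missing root row is reported,
            # not silently skipped as it would be by the SQL where clause.
            status, reason = "error", "No <root> row in credential report."
        elif _active(row["access_key_1_active"]) or _active(row["access_key_2_active"]):
            status, reason = "alarm", "Root account access key exists."
        else:
            status, reason = "ok", "No root account access keys exist."
        results.append({
            "resource": f"acs:ram::{account_id}:user/{ROOT_USER}",
            "status": status,
            "reason": reason,
            "account_id": account_id,
        })
    return results


if __name__ == "__main__":
    accounts = ["1000000000000001", "1000000000000002", "1000000000000003"]
    for r in evaluate_root_keys(SAMPLE_REPORT, accounts):
        print(r["status"], r["resource"], r["reason"])
```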
