🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-insights
Overview
45Dashboards
0Benchmarks
416Queries
0Variables
GitHub

Dashboard: AliCloud RAM Role Dashboard

This dashboard answers the following questions:

  • How many roles are in each account?
  • How many roles are without policies?
  • How many roles are with administrator & cross-account access?
This dashboard contains 4 cards.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-insights

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select AliCloud RAM Role Dashboard dashboard.

You could also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe dashboard run alicloud_insights.dashboard.ram_role_dashboard --share

Queries

This dashboard uses the the following queries:
with roles_with_cross_account_access as (
  select
    distinct name as name
  from
    alicloud_ram_role,
    jsonb_array_elements(assume_role_policy_document -> 'Statement') as stmt,
    jsonb_array_elements_text(stmt -> 'Principal' -> 'RAM') as principal
  where
    split_part(principal, ':',4) <> account_id
)
select
  count(name) as value,
  'With Cross-Account Access' as label,
  case when count(name) > 0 then 'alert' else 'ok' end as type
from
  roles_with_cross_account_access;

Tags

service = AliCloud/RAM
type = Dashboard