turbot/steampipe-mod-oci-compliance

Control: 1.12 Ensure all OCI IAM user accounts have a valid and current email address

Description

All OCI IAM local user accounts have an email address field associated with the account. It is recommended to specify an email address that is valid and current. If you have an email address in your user profile, you can use the Forgot Password link on the sign on page to have a temporary password sent to you.

Remediation

From Console

  1. Log in to the OCI Console.
  2. Select Identity from Services menu.
  3. Select Users from Identity menu.
  4. Click on each non-compliant user.
  5. Click on Edit User.
  6. Enter a valid and current email address in the EMAIL text box.
  7. Click Save Changes.

From Command Line

Execute the following for each non-compliant user:

oci iam user update --user-id <user-ocid> --email '<email address>'

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v110_1_12

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v110_1_12 --share

SQL

This control uses a named query:

select
  id as resource,
  case
    when email is null then 'alarm'
    when not email_verified then 'alarm'
    else 'ok'
  end as status,
  case
    when email is null then name || ' not associated with email address.'
    when not email_verified then name || ' associated with unverified email address.'
    else name || ' associated with valid email address.'
  end as reason,
  tenant_name as tenant
from
  oci_identity_user as a;
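
The query's CASE logic applied to JSON shaped like `oci iam user list` output, producing the per-user update commands from the remediation step. This is an added example, not part of the mod's own code. The kebab-case field names, the sample records and the `strict` option are assumptions, and the OCIDs are placeholders; the sample also shows that a NULL `email_verified` matches neither WHEN branch and is reported as 'ok'.

```python
import json
import shlex

# Constructed sample shaped like `oci iam user list` output. The kebab-case
# keys are an assumption about the CLI's JSON; the OCIDs are placeholders.
SAMPLE = json.dumps({"data": [
    {"id": "ocid1.user.oc1..exampleA", "name": "alice",
     "email": "alice@example.com", "email-verified": True},
    {"id": "ocid1.user.oc1..exampleB", "name": "bob",
     "email": None, "email-verified": False},
    {"id": "ocid1.user.oc1..exampleC", "name": "carol",
     "email": "carol@example.com", "email-verified": False},
    {"id": "ocid1.user.oc1..exampleD", "name": "dave",
     "email": "dave@example.com", "email-verified": None},
]})

def evaluate(user, strict=False):
    """Return (status, reason) in the same order as the control's CASE.

    strict=False mirrors SQL three-valued logic: NOT NULL is NULL, so a
    NULL email_verified matches no WHEN branch and falls through to 'ok'.
    strict=True (hypothetical option) alarms unless the flag is exactly true.
    """
    name, email = user["name"], user.get("email")
    verified = user.get("email-verified")
    if email is None:
        return "alarm", name + " not associated with email address."
    if (verified is not True) if strict else (verified is False):
        return "alarm", name + " associated with unverified email address."
    return "ok", name + " associated with valid email address."

def audit(cli_json, strict=False):
    """Map each user OCID to its (status, reason)."""
    return {u["id"]: evaluate(u, strict) for u in json.loads(cli_json)["data"]}

def remediation_commands(cli_json, strict=False):
    """Build the page's update command for every user in alarm.

    The address stays a placeholder: it has to come from the account owner.
    """
    return ["oci iam user update --user-id %s --email '<email address>'"
            % shlex.quote(ocid)
            for ocid, (status, _) in audit(cli_json, strict).items()
            if status == "alarm"]

if __name__ == "__main__":
    for ocid, (status, reason) in audit(SAMPLE).items():
        print(status, ocid, reason)
    print("\n".join(remediation_commands(SAMPLE, strict=True)))
```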

Tags