Evaluates whether RAM users have active AccessKey pairs. A RAM user without an active AccessKey pair is considered compliant.
Scenarios
When a RAM user no longer needs to access Alibaba Cloud resources through API operations or development tools, you can delete the AccessKey pair to reduce the risk of key leaks and lower management costs.
Risk level
Default risk level: low.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If a RAM user does not have an active AccessKey pair, the evaluation result is Compliant.
- If a RAM user has an active AccessKey pair, the evaluation result is Incompliant. To remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | ram-user-active-ak-check |
| Rule identifier | ram-user-active-ak-check |
| Tag | RAM and AK |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | RAM user |
| Input parameter | None. |
Incompliance remediation
Disable or delete an AccessKey pair for a RAM user. For more information, see Disable a RAM user's access key or Delete a RAM user's AccessKey.
该文章对您有帮助吗?