Checks whether AccessKey pairs exist in each Alibaba Cloud account.
Scenario
An Alibaba Cloud account has full permissions on cloud systems and resources. If an AccessKey pair of your Alibaba Cloud account is disclosed, the cloud systems and resources are exposed to risks.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If no AccessKey pair exists in an Alibaba Cloud account, the evaluation result is compliant.
- If an AccessKey pair exists in an Alibaba Cloud account, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | root-ak-check |
| Rule ID | root-ak-check |
| Tag | RAM |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | 24 hours |
| Supported resource type | Alibaba Cloud account |
| Input parameter | None |
Non-compliance remediation
Call the DeleteAccessKey operation to delete the AccessKey pair for the Alibaba Cloud account.
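The evaluation logic and remediation above, applied across several accounts, as an added example that is not Cloud Config's own code. It assumes each account's keys are available in the shape of a RAM ListAccessKeys response; the account IDs and key IDs are constructed, and, following the rule's wording, a disabled key still counts as existing.

```python
from datetime import datetime, timezone

# Constructed sample data: one ListAccessKeys-style response per account ID.
SAMPLE = {
    "1000000000000001": {"AccessKeys": {"AccessKey": []}},
    "1000000000000002": {"AccessKeys": {"AccessKey": [
        {"AccessKeyId": "LTAI-EXAMPLE-DISABLED", "Status": "Inactive",
         "CreateDate": "2019-06-15T08:00:00Z"},
        {"AccessKeyId": "LTAI-EXAMPLE-ACTIVE", "Status": "Active",
         "CreateDate": "2021-03-01T08:00:00Z"},
    ]}},
}

def evaluate_account(account_id, response, now):
    """Return the compliance result and one remediation call per key."""
    # Tolerate a missing or null key list: both mean "no AccessKey pair".
    keys = (response.get("AccessKeys") or {}).get("AccessKey") or []
    findings = []
    for key in keys:
        created = datetime.strptime(
            key["CreateDate"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        findings.append({
            "access_key_id": key["AccessKeyId"],
            "status": key["Status"],
            "age_days": (now - created).days,
            # Parameters for the DeleteAccessKey operation named in the remediation.
            "remediation": {"Action": "DeleteAccessKey",
                            "UserAccessKeyId": key["AccessKeyId"]},
        })
    # Delete usable keys first, then the oldest ones.
    findings.sort(key=lambda f: (f["status"] != "Active", -f["age_days"]))
    return {"account_id": account_id,
            "compliance": "non-compliant" if findings else "compliant",
            "findings": findings}

def evaluate_all(responses, now=None):
    """Evaluate every account; any existing key makes its account non-compliant."""
    now = now or datetime.now(timezone.utc)
    return [evaluate_account(a, r, now) for a, r in sorted(responses.items())]

if __name__ == "__main__":
    for result in evaluate_all(SAMPLE):
        print(result["account_id"], result["compliance"])
        for f in result["findings"]:
            print("  ", f["status"], f["access_key_id"],
                  f"{f['age_days']}d", f["remediation"])
```
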