Checks whether no RAM user is created for each Alibaba Cloud account. If so, the evaluation result is Compliant.
Scenarios
Enterprises that require only single sign-on (SSO) can use Alibaba Cloud accounts instead of RAM users to prevent security risks.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If no RAM user is created for each Alibaba Cloud account, the evaluation result is Compliant.
If a RAM user is created for an Alibaba Cloud account, the evaluation result is Non-compliant.
Rule details
Parameter | Description |
Rule name | account-no-has-ram-user |
Rule identifier | |
Tag | account, RAM, user |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Every 24 hours |
Supported resource type | All resources |
Input parameter | None |
Non-compliance remediation
Make sure that no RAM user is created for each Alibaba Cloud account. For more information, see Delete a RAM user.