RAM User No Product Administrative Access

ID: rule:aliyun:ram-user-no-product-admin-access
Severity: medium
IaC Types: ROS, Terraform

Description

Ensures that RAM users do not have full administrative access to cloud products unless necessary.

Reason for Violation

Granting administrative access to all users increases the risk of accidental or malicious configuration changes.

Recommendation

Remove FullAccess policies from alicloud_ram_user_policy_attachment and follow the principle of least privilege.
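
The recommendation above as a Terraform sketch, showing a FullAccess attachment beside a least-privilege replacement; this is an added example, not taken from the rule's own documentation or test fixtures. The user, policy and bucket names are constructed, and OSS is used only as a sample product.

```hcl
# Constructed example: "ci-reader", "ci-oss-read-artifacts" and
# "example-artifacts" are placeholder names, not values from the rule.

resource "alicloud_ram_user" "ci" {
  name = "ci-reader"
}

# Non-compliant: a product-wide FullAccess system policy is attached
# directly to the RAM user, granting every OSS action on every bucket.
resource "alicloud_ram_user_policy_attachment" "ci_oss_full" {
  user_name   = alicloud_ram_user.ci.name
  policy_name = "AliyunOSSFullAccess"
  policy_type = "System"
}

# Compliant replacement: a custom policy limited to the read actions
# and the single bucket this user actually needs.
resource "alicloud_ram_policy" "ci_oss_read" {
  policy_name = "ci-oss-read-artifacts"
  description = "Read-only access to one artifact bucket"
  policy_document = jsonencode({
    Version = "1"
    Statement = [{
      Effect = "Allow"
      Action = ["oss:GetObject", "oss:ListObjects"]
      Resource = [
        "acs:oss:*:*:example-artifacts",
        "acs:oss:*:*:example-artifacts/*",
      ]
    }]
  })
}

resource "alicloud_ram_user_policy_attachment" "ci_oss_read" {
  user_name   = alicloud_ram_user.ci.name
  policy_name = alicloud_ram_policy.ci_oss_read.policy_name
  policy_type = "Custom"
}
```

When migrating, apply the scoped attachment first and remove the FullAccess attachment in the same change so the user is never left with both.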

Resource Types

  • ROS: ALIYUN::RAM::User
  • Terraform: alicloud_ram_user_policy_attachment