RAM User No Product Administrative Access
ID: rule:aliyun:ram-user-no-product-admin-access
Severity: medium
IaC Types: ROS, Terraform
Description
Ensures that RAM users do not have full administrative access to cloud products unless necessary.
Reason for Violation
Granting RAM users full administrative access to a cloud product increases the risk of accidental or malicious configuration changes.
Recommendation
Remove FullAccess policies from alicloud_ram_user_policy_attachment and follow the principle of least privilege.
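The recommendation above, sketched in Terraform as an added example that is not part of the rule's own documentation. The resource labels, the user name, the bucket name and the custom policy are constructed placeholders, and AliyunOSSFullAccess is used only as one instance of a FullAccess system policy.

```hcl
# Constructed example: resource labels, user name and bucket name are placeholders.

resource "alicloud_ram_user" "deployer" {
  name = "ci-deployer"
}

# Non-compliant: a product-wide FullAccess system policy attached directly to the user.
# Remove this attachment when switching to the scoped policy below.
resource "alicloud_ram_user_policy_attachment" "oss_full" {
  user_name   = alicloud_ram_user.deployer.name
  policy_name = "AliyunOSSFullAccess"
  policy_type = "System"
}

# Compliant alternative: a custom policy limited to the actions and the one
# bucket this user needs (assumed here to be object read/write on a single bucket).
resource "alicloud_ram_policy" "artifact_rw" {
  policy_name = "artifact-bucket-rw"
  policy_document = jsonencode({
    Version = "1"
    Statement = [{
      Effect   = "Allow"
      Action   = ["oss:GetObject", "oss:PutObject"]
      Resource = ["acs:oss:*:*:example-artifacts/*"]
    }]
  })
}

resource "alicloud_ram_user_policy_attachment" "artifact_rw" {
  user_name   = alicloud_ram_user.deployer.name
  policy_name = alicloud_ram_policy.artifact_rw.policy_name
  policy_type = "Custom"
}
```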
Resource Types
- ROS: ALIYUN::RAM::User
- Terraform: alicloud_ram_user_policy_attachment