tencentcloud.cam-user

User - user management in Cloud Access Management (CAM) https://www.tencentcloud.com/document/product/1021/37656

example

# Example policy: select CAM users by how long ago the account was created.
policies:
- name: cam-too-old-users
  resource: tencentcloud.cam-user
  filters:
  - type: value
    key: CreateTime
    # value_type: age makes Cloud Custodian read `value` as a number of days
    # and compare it against the age of the CreateTime timestamp.
    value_type: age
    value: 7000
    # NOTE(review): with value_type: age, less-than selects users created
    # within the last 7000 days (newer than the threshold), which does not fit
    # the policy name "too-old"; greater-than is the operator that selects
    # older accounts. Confirm the intended direction before reusing this.
    op: less-than

Filters

credential

CredentialFilter example:

# Two example policies built on the credential filter: one flags access keys
# that are due for rotation, the other flags console users without login MFA.
policies:
- name: cam-user-access-key-rotation
  resource: tencentcloud.cam-user
  filters:
  # Access keys created more than `value` days ago (age is measured in days).
  - type: credential
    key: access_keys.CreateTime
    value_type: age
    value: 3
    op: greater-than
  # Access keys whose status is Active.
  # NOTE(review): the two access_keys conditions are separate filter entries;
  # nothing here shows that both must hold on the same key. For a user with
  # several keys, verify that an old inactive key plus a new active key does
  # not count as a match before treating the result as rotation evidence.
  - type: credential
    key: access_keys.Status
    value: Active
- name: cam-user-mfa-missing
  resource: tencentcloud.cam-user
  filters:
  # presumably ConsoleLogin: 1 means the user may sign in to the console;
  # confirm against the CAM API field definition.
  - type: credential
    key: ConsoleLogin
    value: 1
  # Login MFA is not active for the user.
  - type: credential
    key: login_mfa_active
    value: false
# Schema of the credential filter: the fields it accepts and their allowed
# values.
properties:
  # Credential attributes the filter can test. The access_keys.* entries
  # presumably address fields of each access key of the user (confirm).
  key:
    enum:
    - ConsoleLogin
    - LastLoginTime
    - login_mfa_active
    - access_keys
    - access_keys.Status
    - access_keys.LastUsedDate
    - access_keys.CreateTime
    type: string
  # Comparison operator; several entries are short and long spellings of the
  # same comparison (eq/equal, gt/greater-than, ...).
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - credential
  # The comparison value may be an array, string, boolean, number or null.
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  # Conversion applied before comparing, e.g. age for timestamps.
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
# Only `type` is mandatory; as far as this schema goes, a filter entry without
# key or value still validates, so a typo that drops them is not caught here.
required:
- type

group

Filter users by the groups they belong to. Official doc: https://www.tencentcloud.com/document/product/598/33380 Usage limits: https://www.tencentcloud.com/document/product/598/10609

example

# Example policy: find CAM users that are not a member of any group.
policies:
- name: cam-user-missing-group
  resource: tencentcloud.cam-user
  filters:
  - type: group
    key: GroupName
    # The empty value parses as YAML null, so this presumably matches users
    # for whom no GroupName is found; writing `null` explicitly would make
    # that intent visible (confirm the filter treats both the same).
    value:
# Schema of the group filter: the fields it accepts and their allowed values.
properties:
  default:
    type: object
  # Any string is accepted as key; unlike an enum, a misspelled key passes
  # schema validation.
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - group
  # The comparison value may be an array, string, boolean, number or null.
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  # Takes the comparison values from the location given in `url` instead of an
  # inline value. Whoever can change the content behind that url changes which
  # users the filter matches, so it should sit under the same change control
  # as the policy file itself.
  value_from:
    # NOTE(review): this is the quoted string 'False', not the boolean false;
    # a schema validator may not read it as "no extra properties allowed".
    # Confirm upstream whether unknown keys under value_from are rejected.
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  value_regex:
    type: string
  # Conversion applied before comparing, e.g. age for timestamps.
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
# Only `type` is mandatory; key and value are optional as far as this schema
# goes.
required:
- type

Actions

  • mark-for-op

  • remove-tag

  • rename-tag

  • tag

  • webhook