Checks whether console access and API access are enabled for a RAM user at the same time.
Scenario
Enabling console access and API access for a RAM user at the same time introduces security risks. Console access and API access can be enabled for RAM users in different roles, such as O&M and R&D. We recommend that you do not enable console access and API access for a RAM user at the same time. This way, you can isolate the permissions of RAM users and adhere to the principle of least privilege.
Risk level
Default risk level: low.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If console access and API access are not enabled for a RAM user at the same time, the evaluation result is compliant.
- If console access and API access are enabled for a RAM user at the same time, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
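The evaluation logic above can be reproduced offline against an exported user inventory. The following is an added example, not code from Alibaba Cloud or Cloud Config. It assumes that console access means the user has a login profile and that API access means the user has at least one AccessKey pair in the Active state; the inventory field names and the sample users are constructed for illustration.

```python
import json

# Constructed sample inventory (not real accounts). The field names are
# assumptions for this example, not the output format of any Alibaba Cloud API.
SAMPLE_INVENTORY = json.loads("""
[
  {"user_name": "ops-alice", "login_profile": {"mfa_required": true}, "access_keys": []},
  {"user_name": "ci-deploy", "login_profile": null,
   "access_keys": [{"id": "AK-EXAMPLE-1", "status": "Active"}]},
  {"user_name": "dev-bob", "login_profile": {"mfa_required": false},
   "access_keys": [{"id": "AK-EXAMPLE-2", "status": "Inactive"},
                   {"id": "AK-EXAMPLE-3", "status": "Active"}]},
  {"user_name": "dev-carol", "login_profile": {"mfa_required": true},
   "access_keys": [{"id": "AK-EXAMPLE-4", "status": "Inactive"}]}
]
""")


def evaluate_user(user):
    """Return a compliance record for one RAM user."""
    console = user.get("login_profile") is not None
    # Assumption: only an Active AccessKey pair counts as API access, because
    # the documented remediation is to disable the pair.
    active_keys = [k["id"] for k in user.get("access_keys", [])
                   if k.get("status") == "Active"]
    both = console and bool(active_keys)
    return {
        "user_name": user["user_name"],
        "console_access": console,
        "active_access_keys": active_keys,
        "compliance": "NON_COMPLIANT" if both else "COMPLIANT",
    }


def evaluate_inventory(inventory):
    """Evaluate every user and return the records, non-compliant first."""
    results = [evaluate_user(u) for u in inventory]
    return sorted(results,
                  key=lambda r: (r["compliance"] == "COMPLIANT", r["user_name"]))


if __name__ == "__main__":
    for r in evaluate_inventory(SAMPLE_INVENTORY):
        print(f'{r["compliance"]:14} {r["user_name"]:10} '
              f'console={r["console_access"]} active_keys={r["active_access_keys"]}')
```

The `active_access_keys` field in each non-compliant record lists the AccessKey pairs to disable if the user should keep console access only.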
Rule details
| Item | Description |
| --- | --- |
| Rule name | ram-user-login-check |
| Rule ID | ram-user-login-check |
| Tag | RAM and User |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | RAM user |
| Input parameter | None |
Non-compliance remediation
Enable either console access or API access for the RAM user, but not both. For more information, see Log on to the Alibaba Cloud Management Console as a RAM user or Disable an AccessKey pair of a RAM user.