This topic describes how to use the Resource Access Management (RAM) console to review your account's security posture. You can use the security report to evaluate risks and follow the advice to improve your account's overall security.
Procedure
Log on to the RAM console with an Alibaba Cloud account.
On the Overview page, review security check findings and the corresponding remidiation advice.
For each finding, click the finding and click Set Now to go to the corresponding page and complete the security settings.
Understand the security report
You can click Download Security Report to download a report that lists the security information of your Alibaba Cloud account.
The report contains the following fields:
SubUser: The total number of RAM users in the account.
SubUserBindMfa: The number of RAM users with multi-factor authentication (MFA) enabled.
SubUserWithUnusedAccessKey: The number of RAM users who have one or more unused AccessKey pairs.
RootWithAccessKey: The number of AccessKey pairs created for the account. For security, this value should be 0.
SubUserWithOldAccessKey: The number of RAM users with aging AccessKey pairs that should be rotated.
SubUserPwdLevel: The configured password complexity level for RAM users.
UnusedAkNum: The total number of unused AccessKey pairs in the account.
OldAkNum: The total number of aging AccessKey pairs in the account.
BindMfa: Indicates whether MFA is enabled for the account.
Score: The overall security score for the account.
NoteA higher score indicates better account security. If your score is low, it means your account has security risks that should be addressed.
For more information about security best practices, see Ensure the security of your enterprise's Alibaba Cloud resources.