Alibabacloud Sas Multiaccount Manage
by @sdk-team
Manage multiple Alibaba Cloud accounts and batch-export Security Center (SAS) baseline and vulnerability reports via the aliyun CLI and Python scripts. Suppo...
#### Refresh account list
Fetch the latest account list from Alibaba Cloud resource directory and write to accounts.json. Existing enable states are preserved; new accounts are enabled by default.
.venv/bin/python accounts.py refresh
#### List all accounts
.venv/bin/python accounts.py list
Sample output:
1225574417218097 cwx [enabled]
1234567890123456 prod-account [disabled]
#### Search accounts
Fuzzy-search by DisplayName, returning AccountId and enable status.
.venv/bin/python accounts.py search cwx
.venv/bin/python accounts.py search prod
#### Enable / disable accounts
Control whether an account participates in subsequent batch exports.
.venv/bin/python accounts.py enable 1225574417218097
.venv/bin/python accounts.py disable 1234567890123456
accounts.json Structure
[
{
"AccountId": "1225574417218097",
"DisplayName": "cwx",
"FolderId": "r-1Q4pqB",
"IsMaAccount": "NO",
"SasVersion": "0",
"enable": true
}
]
accounts.py refresh has been executed and account enable/disable configuration is complete.export-record and describe-export-info permissions.Export cloud platform configuration check results (CSPM)
Export baselineCspm results for all enabled accounts and merge into baseline-cspm-merged-{date}.xlsx.
# Export for all enabled accounts
.venv/bin/python baseline.py export-cspmExport for one specific account
.venv/bin/python baseline.py export-cspm --account-id 1225574417218097
Export system baseline risk list
Export exportHcWarning risk list (high/medium/low, all statuses) for all enabled accounts and merge into system-warning-merged-{date}.xlsx.
# Export for all enabled accounts
.venv/bin/python baseline.py export-system-warningExport for one specific account
.venv/bin/python baseline.py export-system-warning --account-id 1225574417218097
Output Files
| File | Description |
|------|------|
| baseline-cspm-merged-{date}.xlsx | Merged cloud platform configuration check results, including “Resource Directory Account” column |
| system-warning-merged-{date}.xlsx | Merged system baseline risk list, including “Resource Directory Account” column |
Error Handling
| Scenario | Behavior |
|------|------|
| FreeVersionNotPermit | Silently skip this account and continue others |
| NoPermission / Forbidden | Silently skip this account |
| Export failed (server-side error) | Print [failed] message and continue with other accounts |
| All accounts skipped | Print message and exit without output file |
.venv/bin/python; replace with your actual virtual environment path.aliyun configure; do not hardcode AK/SK.cn-shanghai (China mainland) and ap-southeast-1 (outside China mainland).clawhub install alibabacloud-sas-multiaccount-manage