Ensure Alibaba Cloud RAM Account maximal login attempts is less than 5

Error: Alibaba Cloud RAM password policy maximal login attempts is more than 4

Bridgecrew Policy ID: BC_ALI_IAM_4
Checkov Check ID: CKV_ALI_23
Severity: MEDIUM

Description

By default, the maximum number of login attempts for a RAM account is set to 5. This means that an unauthorized user can make up to 5 failed login attempts before the account is locked. Setting the maximum to a lower value, such as 3 or 2, locks the account after fewer failed attempts. This reduces the risk of unauthorized access, because an attacker gets fewer guesses at the correct login credentials.

Fix - Buildtime

Terraform

resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  # Lock the account after 3 failed logins; this policy requires a value less than 5
  max_login_attempts           = 3
}
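
The same rule can be applied to a rendered plan as well as to source files. The following is an added example, not part of the original page and not Checkov's own code: it reads the JSON produced by `terraform show -json` and reports every `alicloud_ram_account_password_policy` whose `max_login_attempts` is not less than 5. The sample plan and resource names are constructed, and treating an omitted attribute as the default of 5 and a non-positive value as failing are assumptions of this example.

```python
import json

RESOURCE_TYPE = "alicloud_ram_account_password_policy"
PAGE_DEFAULT = 5  # default stated in the description on this page
LIMIT = 5         # rule: max_login_attempts must be less than 5

def find_violations(plan_json):
    """Return (address, reason) pairs for password policies that fail the rule."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to evaluate
            continue
        if (change.get("after_unknown") or {}).get("max_login_attempts"):
            findings.append((rc["address"], "max_login_attempts unknown until apply"))
            continue
        value = after.get("max_login_attempts")
        if value is None:  # attribute omitted: fall back to the stated default
            value = PAGE_DEFAULT
        if value < 1:  # assumption of this example: non-positive is not a real limit
            findings.append((rc["address"], f"max_login_attempts={value} is not a positive limit"))
        elif value >= LIMIT:
            findings.append((rc["address"], f"max_login_attempts={value}, expected less than {LIMIT}"))
    return findings

def _rc(name, actions, after):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "change": {"actions": actions, "after": after, "after_unknown": {}}}

# Constructed sample plan (not real output); resource names are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("pass", ["create"], {"max_login_attempts": 3}),
    _rc("weak", ["update"], {"max_login_attempts": 5}),
    _rc("unset", ["create"], {"minimum_password_length": 9}),
    _rc("old", ["delete"], None),
]})

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

In a pipeline, a non-empty result from `find_violations` would fail the job before `terraform apply` runs.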