Ensure Alibaba Cloud RAM password policy expires passwords within 90 days or less
Error: Alibaba Cloud RAM password policy does not expire in 90 days
Bridgecrew Policy ID: BC_ALI_IAM_9
Checkov Check ID: CKV_ALI_16
Severity: LOW
Alibaba Cloud RAM password policy does not expire passwords within 90 days or less
Description
This policy identifies Alibaba Cloud accounts for which do not have password expiration set to 90 days or less. As a best practice, change your password every 90 days or sooner to ensure secure access to the Alibaba Cloud console.
Fix - Runtime
Alibaba Cloud Portal
- Log in to Alibaba Cloud Portal
- Go to Resource Access Management (RAM) service
- In the left-side navigation pane, click on 'Settings'
- In the 'Security Settings' tab, In the 'Password Strength Settings' Section, Click on 'Edit Password Rule'
- In the 'Password Validity Period' field, enter 90 or less based on your requirement.
- Click on 'OK'
- Click on 'Close'
Fix - Buildtime
Terraform
TBD
Updated 9 months ago