Ensure Alibaba Cloud RAM password policy prevents password reuse
Error: Alibaba Cloud RAM password policy does not prevent password reuse
Bridgecrew Policy ID: BC_ALI_IAM_5
Checkov Check ID: CKV_ALI_18
Severity: MEDIUM
Alibaba Cloud RAM password policy does not prevent password reuse
Description
By default, the RAM password policy does not prevent password reuse, so it is important to enable this feature to help protect your account. When password reuse is prevented, users will not be able to use a password that they have previously used for the account. This can help to reduce the risk of unauthorized access, as it makes it more difficult for an attacker to guess or recover an old password.
Fix - Buildtime
Terraform
resource "alicloud_ram_account_password_policy" "pass" {
minimum_password_length = 14
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = true
hard_expiry = true
max_password_age = 14
password_reuse_prevention = 24
max_login_attempts = 3
}
Updated 9 months ago