Ensure Alibaba Cloud RAM password policy prevents password reuse

Error: Alibaba Cloud RAM password policy does not prevent password reuse

Bridgecrew Policy ID: BC_ALI_IAM_5
Checkov Check ID: CKV_ALI_18
Severity: MEDIUM

Description

By default, the RAM password policy does not prevent password reuse, so it is important to enable this setting to help protect your account. When password reuse is prevented, users cannot set a password that they have previously used for the account. This helps reduce the risk of unauthorized access, because an old password that an attacker has guessed or recovered cannot be put back into use.

Fix - Buildtime

Terraform

resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 14
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = true
  hard_expiry                  = true
  max_password_age             = 14
  # Number of previous passwords a user is not allowed to reuse
  password_reuse_prevention    = 24
  max_login_attempts           = 3
}
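The same setting can be verified against a rendered plan before apply. The following is an added example, not part of the original page and not Checkov's own check logic: it walks the JSON produced by `terraform show -json` and reports every `alicloud_ram_account_password_policy` whose reuse prevention is off or too short. The threshold of 24 is an assumption taken from the fix above, a missing attribute is treated as disabled in line with the default described on this page, and the sample plan and its resource addresses are constructed.

```python
import json

RESOURCE_TYPE = "alicloud_ram_account_password_policy"
MIN_HISTORY = 24  # assumption: the value used in this page's Terraform fix

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "alicloud_ram_account_password_policy.pass",
     "type": "alicloud_ram_account_password_policy",
     "values": {"minimum_password_length": 14, "password_reuse_prevention": 24}},
    {"address": "alicloud_ram_account_password_policy.legacy",
     "type": "alicloud_ram_account_password_policy",
     "values": {"minimum_password_length": 8}}],
  "child_modules": [{"address": "module.sandbox", "resources": [
    {"address": "module.sandbox.alicloud_ram_account_password_policy.this",
     "type": "alicloud_ram_account_password_policy",
     "values": {"password_reuse_prevention": 5}}]}]}}}
""")


def iter_resources(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_plan(plan, min_history=MIN_HISTORY):
    """Return (address, reason) for each password policy with weak reuse prevention."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        history = (res.get("values") or {}).get("password_reuse_prevention")
        if not history:  # missing, null or 0: treated as reuse prevention off
            findings.append((res["address"], "password reuse prevention is off or unset"))
        elif history < min_history:
            findings.append((res["address"], f"remembers {history} passwords, want >= {min_history}"))
    return findings


if __name__ == "__main__":
    for address, reason in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To run it on a real plan, replace `SAMPLE_PLAN` with the parsed output of `terraform show -json` for your plan file.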