Ensure Alibaba Cloud RAM password policy requires at least one lowercase letter

Error: Alibaba Cloud RAM password policy does not have a lowercase character

Bridgecrew Policy ID: BC_ALI_IAM_8
Checkov Check ID: CKV_ALI_17
Severity: MEDIUM

Alibaba Cloud RAM password policy does not have a lowercase character

Description

This policy identifies Alibaba Cloud accounts that do not have a lowercase character in the password policy. As a security best practice, configure a strong password policy for secure access to the Alibaba Cloud console.

Fix - Runtime

Alibaba Cloud Portal

Log in to Alibaba Cloud Portal
Go to Resource Access Management (RAM) service
In the left-side navigation pane, click on 'Settings'
In the 'Security Settings' tab, In the 'Password Strength Settings' Section, Click on 'Edit Password Rule'
In the 'Required Elements in Password' field, select 'Lowercase Letters'
Click on 'OK'
Click on 'Close'

Fix - Buildtime

Terraform

resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 14
  require_lowercase_characters = true
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 14
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}

Updated 10 months ago