Ensure Alibaba Cloud RAM password policy requires at least one number
Error: Alibaba Cloud RAM password policy does not have a number
Bridgecrew Policy ID: BC_ALI_IAM_2
Checkov Check ID: CKV_ALI_14
Severity: MEDIUM
Description
This policy identifies Alibaba Cloud accounts whose RAM password policy does not require at least one number. As a security best practice, configure a strong password policy for secure access to the Alibaba Cloud console.
Fix - Runtime
Alibaba Cloud Portal
- Log in to the Alibaba Cloud Portal
- Go to the Resource Access Management (RAM) service
- In the left-side navigation pane, click on 'Settings'
- In the 'Security Settings' tab, in the 'Password Strength Settings' section, click on 'Edit Password Rule'
- In the 'Required Elements in Password' field, select 'Numbers'
- Click on 'OK'
- Click on 'Close'
Fix - Buildtime
Terraform
resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 14
  require_lowercase_characters = false
  require_uppercase_characters = true
  # CKV_ALI_14: the password policy must require at least one number
  require_numbers              = true
  require_symbols              = true
  hard_expiry                  = true
  max_password_age             = 14
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}
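The condition this check looks for can be evaluated over Terraform source before it is applied. The following is an added example, not Checkov's or Bridgecrew's own implementation: it uses a regex over flat resource blocks rather than a full HCL parser, the resources named "weak", "unset" and "commented" are constructed sample input, and treating a missing or non-literal `require_numbers` as a failure is an assumption of this example.

```python
import re

# Flat alicloud_ram_account_password_policy blocks (this resource has no nested blocks).
BLOCK_RE = re.compile(
    r'resource\s+"alicloud_ram_account_password_policy"\s+"(?P<name>[^"]+)"'
    r'\s*\{(?P<body>[^{}]*)\}'
)
ATTR_RE = re.compile(r'^\s*require_numbers\s*=\s*(?P<value>\S+)', re.MULTILINE)

# Constructed sample input: "pass" mirrors the compliant block on this page,
# the other three are non-compliant variants built for this example.
SAMPLE_TF = '''
resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length = 14
  require_numbers         = true
}
resource "alicloud_ram_account_password_policy" "weak" {
  minimum_password_length = 14
  require_numbers         = false
}
resource "alicloud_ram_account_password_policy" "unset" {
  minimum_password_length = 14
}
resource "alicloud_ram_account_password_policy" "commented" {
  # require_numbers = true
  minimum_password_length = 8
}
'''

def check_require_numbers(hcl):
    """Return {resource_name: "PASSED" | "FAILED"} for each password policy block."""
    # Drop '#' and '//' line comments so a commented-out setting is not counted.
    cleaned = re.sub(r'(#|//).*', '', hcl)
    results = {}
    for block in BLOCK_RE.finditer(cleaned):
        attr = ATTR_RE.search(block.group("body"))
        # Assumption: only a literal `true` passes; false, a missing attribute,
        # or an unresolved reference (e.g. var.x) is reported as FAILED.
        ok = attr is not None and attr.group("value") == "true"
        results[block.group("name")] = "PASSED" if ok else "FAILED"
    return results

if __name__ == "__main__":
    for name, status in check_require_numbers(SAMPLE_TF).items():
        print(f"{status:6}  alicloud_ram_account_password_policy.{name}")
```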