Ensure Alibaba Cloud RAM password policy requires at least one symbol

Error: Alibaba Cloud RAM password policy does not have a symbol

Bridgecrew Policy ID: BC_ALI_IAM_6
Checkov Check ID: CKV_ALI_15
Severity: MEDIUM

Description

This policy identifies Alibaba Cloud accounts whose RAM password policy does not require at least one symbol. As a security best practice, configure a strong password policy to secure access to the Alibaba Cloud console.

Fix - Runtime

Alibaba Cloud Portal

  1. Log in to the Alibaba Cloud Portal.
  2. Go to the Resource Access Management (RAM) service.
  3. In the left-side navigation pane, click 'Settings'.
  4. In the 'Security Settings' tab, in the 'Password Strength Settings' section, click 'Edit Password Rule'.
  5. In the 'Required Elements in Password' field, select 'Symbols'.
  6. Click 'OK'.
  7. Click 'Close'.

Fix - Buildtime

Terraform

resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 14
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  # Setting checked by CKV_ALI_15: passwords must contain at least one symbol
  require_symbols              = true
  hard_expiry                  = true
  max_password_age             = 14
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}