Ensure Alibaba Cloud RAM password policy requires at least one uppercase letter

Error: Alibaba Cloud RAM password policy does not have an uppercase character

Bridgecrew Policy ID: BC_ALI_IAM_1
Checkov Check ID: CKV_ALI_19
Severity: MEDIUM

Alibaba Cloud RAM password policy does not have an uppercase character

Description

This policy identifies Alibaba Cloud accounts that do not have an uppercase character in the password policy. As a security best practice, configure a strong password policy for secure access to the Alibaba Cloud console.

Fix - Runtime

Alibaba Cloud Portal

  1. Log in to Alibaba Cloud Portal
  2. Go to Resource Access Management (RAM) service
  3. In the left-side navigation pane, click on 'Settings'
  4. In the 'Security Settings' tab, In the 'Password Strength Settings' Section, Click on 'Edit Password Rule'
  5. In the 'Required Elements in Password' field, select 'Upper-Case Letter'
  6. Click on 'OK'
  7. Click on 'Close'

Fix - Buildtime - Terraform

resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 14
  require_lowercase_characters = false
  require_uppercase_characters = true
  require_numbers              = false
  require_symbols              = true
  hard_expiry                  = true
  max_password_age             = 14
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}