Ensure OCI IAM password policy contains symbols

Error: OCI IAM password policy for local (non-federated) users does not have a symbol
Bridgecrew Policy ID: BC_OCI_IAM_3
Checkov Check ID: CKV_OCI_13
Severity: HIGH

OCI IAM password policy for local (non-federated) users does not have a symbol

Description

This policy identifies Oracle Cloud Infrastructure (OCI) accounts whose password policy for local (non-federated) users does not require at least one symbol (special character). As a security best practice, configure a strong password policy for secure access to the OCI console.

Fix - Runtime

OCI Console

  1. Log in to the OCI Console Page: https://console.ap-mumbai-1.oraclecloud.com/
  2. Go to Identity in the Services menu.
  3. Select Authentication Settings from the Identity menu.
  4. Click Edit Authentication Settings in the middle of the page.
  5. Ensure the checkbox is selected next to MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER.

Note: The console URL is region-specific; your tenancy may have a different home region and therefore a different console URL.

Fix - Buildtime

Terraform

  • Resource: oci_identity_authentication_policy
  • Arguments: password_policy.is_special_characters_required

resource "oci_identity_authentication_policy" "pass" {
  compartment_id = var.tenancy_id

  password_policy {
    # other password_policy arguments unchanged
    is_special_characters_required = true
  }
}
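To show how a buildtime check like CKV_OCI_13 is evaluated before the fix above reaches a tenancy, here is an added example (not code from this page and not Checkov's own source) that walks the `planned_values` tree of a `terraform show -json` plan and reports PASSED/FAILED for every `oci_identity_authentication_policy` resource. The three resources in the embedded plan are constructed sample data; the check treats a missing `password_policy` block or a missing `is_special_characters_required` attribute as a failure, since neither demonstrates that symbols are enforced.

```python
"""Plan-JSON evaluation of the 'password policy requires a symbol' check.

Added example: a reconstruction of the check's logic, not Checkov's source.
Input shape follows the planned_values / root_module / resources layout of
`terraform show -json`; nested blocks such as password_policy appear as lists.
"""
import json
from typing import Any, Dict, Iterator

RESOURCE_TYPE = "oci_identity_authentication_policy"
CHECK_ID = "CKV_OCI_13"  # identifier from the page; logic below is illustrative

# Constructed sample plan: one weak policy, one compliant policy, one with no
# password_policy block at all. The OCIDs are placeholders, not real values.
SAMPLE_PLAN_JSON = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "oci_identity_authentication_policy.weak",
                    "type": RESOURCE_TYPE,
                    "name": "weak",
                    "values": {
                        "compartment_id": "ocid1.tenancy.oc1..placeholder",
                        "password_policy": [
                            {"minimum_password_length": 12,
                             "is_special_characters_required": False}
                        ],
                    },
                },
                {
                    "address": "oci_identity_authentication_policy.pass",
                    "type": RESOURCE_TYPE,
                    "name": "pass",
                    "values": {
                        "compartment_id": "ocid1.tenancy.oc1..placeholder",
                        "password_policy": [
                            {"minimum_password_length": 12,
                             "is_special_characters_required": True}
                        ],
                    },
                },
                {
                    "address": "oci_identity_authentication_policy.unset",
                    "type": RESOURCE_TYPE,
                    "name": "unset",
                    "values": {
                        "compartment_id": "ocid1.tenancy.oc1..placeholder",
                        "password_policy": [],
                    },
                },
            ]
        }
    }
})


def iter_resources(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Yield every resource in a module and, recursively, in its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def symbol_required(values: Dict[str, Any]) -> bool:
    """True only when password_policy explicitly sets is_special_characters_required = true.

    An absent block or attribute is a failure: nothing proves symbols are enforced,
    so the check must not pass by default.
    """
    policies = values.get("password_policy") or []
    if not policies:
        return False
    return policies[0].get("is_special_characters_required") is True


def evaluate_plan(plan_json: str) -> Dict[str, str]:
    """Map each authentication-policy resource address to PASSED or FAILED."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results: Dict[str, str] = {}
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        verdict = "PASSED" if symbol_required(res.get("values", {})) else "FAILED"
        results[res["address"]] = verdict
    return results


if __name__ == "__main__":
    for address, verdict in evaluate_plan(SAMPLE_PLAN_JSON).items():
        print(f"{CHECK_ID} {verdict}: {address}")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and pass the file contents to `evaluate_plan`; only the `pass` resource above, which matches the Terraform fix on this page, is reported as PASSED.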