Ensure OCI IAM password policy contains uppercase characters

Error: OCI IAM password policy for local (non-federated) users does not have an uppercase character
Bridgecrew Policy ID: BC_OCI_IAM_4
Checkov Check ID: CKV_OCI_14
Severity: HIGH

Description

This policy identifies Oracle Cloud Infrastructure (OCI) accounts whose password policy for local (non-federated) users does not require an uppercase character. As a security best practice, configure a strong password policy for secure access to the OCI console.

Fix - Runtime

OCI Console

  1. Log in to the OCI Console page: https://console.ap-mumbai-1.oraclecloud.com/
  2. Go to Identity in the Services menu.
  3. Select Authentication Settings from the Identity menu.
  4. Click Edit Authentication Settings in the middle of the page.
  5. Ensure the checkbox is selected next to MUST CONTAIN AT LEAST 1 UPPERCASE CHARACTER.

Note: The console URL is region-specific; your tenancy might have a different home region and therefore a different console URL.

Fix - Buildtime

Terraform

  • Resource: oci_identity_authentication_policy
  • Arguments: password_policy.is_uppercase_characters_required

resource "oci_identity_authentication_policy" "pass" {
  ...
  password_policy {
    ...
    is_uppercase_characters_required = true
    ...
  }
}
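
The build-time condition above can also be checked against the JSON form of a Terraform plan (`terraform show -json`). The following is an added example, not Bridgecrew's or Checkov's own code. The sample plan, the resource names `weak`, `unset` and `net`, and the module name `iam` are constructed for illustration.

```python
import json

RESOURCE_TYPE = "oci_identity_authentication_policy"
ARGUMENT = "is_uppercase_characters_required"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return addresses of authentication policies that do not require uppercase."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failed = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks appear in plan JSON as a list of objects.
        blocks = res.get("values", {}).get("password_policy") or []
        # A missing block, or an unset/false argument, fails the check.
        if not blocks or not all(b.get(ARGUMENT) is True for b in blocks):
            failed.append(res["address"])
    return failed


# Constructed sample shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "oci_identity_authentication_policy.pass", "type": "oci_identity_authentication_policy",
     "values": {"password_policy": [{"is_uppercase_characters_required": true}]}},
    {"address": "oci_identity_authentication_policy.weak", "type": "oci_identity_authentication_policy",
     "values": {"password_policy": [{"is_uppercase_characters_required": false}]}},
    {"address": "oci_core_vcn.net", "type": "oci_core_vcn", "values": {}}
  ],
  "child_modules": [{"address": "module.iam", "resources": [
    {"address": "module.iam.oci_identity_authentication_policy.unset",
     "type": "oci_identity_authentication_policy", "values": {"password_policy": []}}
  ]}]
}}}
""")

if __name__ == "__main__":
    for address in find_violations(SAMPLE_PLAN):
        print(f"FAIL CKV_OCI_14: {address}")
```

A policy resource declared without a `password_policy` block is reported as a failure, because the argument is then never set to `true` in the plan.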