turbot/alicloud_compliance

Control: 1.13 Ensure RAM password policy expires passwords within 90 days or less

Description

RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.

Remediation

Perform the following to set the password policy as expected:

From Console

  1. Logon to RAM console.
  2. Choose Identities > Settings.
  3. In the Password Strength Settings section, click Edit Password Rule.
  4. In the Password Validity Period field, enter <90> or a smaller number.
  5. Click OK.

From Command Line

aliyun ram SetPasswordPolicy --MaxPasswordAge 90

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_13

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_13 --share

SQL

This control uses a named query:

ram_password_policy_expire_90

Tags