v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub

Control: 1.13 Ensure RAM password policy expires passwords within 90 days or less

Description

RAM password policies can require passwords to be expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.

Remediation

Perform the following to set the password policy as expected:

From Console

  1. Logon to RAM console.
  2. Choose Identities > Settings.
  3. In the Password Strength Settings section, click Edit Password Rule.
  4. In the Password Validity Period field, enter <90> or a smaller number.
  5. Click OK.

From Command Line

aliyun ram SetPasswordPolicy --MaxPasswordAge 90

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_13

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_13 --share

SQL

This control uses a named query:

ram_password_policy_expire_90

Tags

category = Compliance
cis = true
cis_item_id = 1.13
cis_level = 1
cis_section_id = 1
cis_type = automated
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/RAM