turbot/oci_compliance

Control: 1.12 Ensure all OCI IAM user accounts have a valid and current email address

Description

All OCI IAM local user accounts have an email address field associated with the account. It is recommended to specify an email address that is valid and current. If you have an email address in your user profile, you can use the Forgot Password link on the sign on page to have a temporary password sent to you.

Remediation

From Console

  1. Login to OCI Console.
  2. Select Identity from Services menu.
  3. Select Users from Identity menu.
  4. Click on each non-complaint user.
  5. Click on Edit User.
  6. Enter a valid and current email address in the EMAIL text box.
  7. Click Save Changes.

From Command Line

Execute the following for each non-compliant user:

oci iam user update --user-id <user-ocid> --email '<email address>'

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v110_1_12

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v110_1_12 --share

SQL

This control uses a named query:

identity_user_valid_email

Tags