Control: 1.10 Ensure RAM password policy require at least one number
Description
RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one number.
Remediation
Perform the following to set the password policy as expected:
From Console
- Logon to RAM console.
- Choose
Identities > Settings. - In the
Password Strength Settingssection, clickEdit Password Rule. - In the
Required Elements in Passwordsection, selectNumbers. - Click
OK.
From Command Line
aliyun ram SetPasswordPolicy --RequireNumbers true
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_1_10Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v100_1_10 --shareSQL
This control uses a named query:
select 'acs:ram::' || a.account_id as resource, case when require_numbers then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when require_numbers then 'Number required.' else 'Number not required.' end as reason , a.account_id as account_idfrom alicloud_account as a left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;