Control: 1.7 Ensure RAM password policy requires at least one uppercase letter
Description
RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one uppercase letter.
Remediation
Perform the following to set the password policy as expected:
From Console
- Logon to RAM console.
- Choose
Identities > Settings. - In the
Password Strength Settingssection, clickEdit Password Rule. - In the
Required Elements in Passwordsection, selectUpperCase Letter. - Click
OK.
From Command Line
aliyun ram SetPasswordPolicy --RequireUppercaseCharacters true
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_1_7Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v100_1_7 --shareSQL
This control uses a named query:
select 'acs:ram::' || a.account_id as resource, case when require_uppercase_characters then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when require_uppercase_characters then 'Uppercase character required.' else 'Uppercase character not required.' end as reason , a.account_id as account_idfrom alicloud_account as a left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;