Control: 1.10 Ensure RAM password policy require at least one number

Description

RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one number.

Remediation

Perform the following to set the password policy as expected:

Using the management console:

Logon to RAM console.
Choose Settings.
In the Password section, click Modify.
In the Charset section, select Number.
Click OK.

Using the CLI:

aliyun ram SetPasswordPolicy --RequireNumbers true

Default Value:

The default password policy does not enforce any charset in a password.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_1_10

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_1_10 --share

SQL

This control uses a named query:

select
  'acs:ram::' || a.account_id as resource,
  case
    when require_numbers then 'ok'
    else 'alarm'
  end as status,
  case
    when minimum_password_length is null then 'No password policy set.'
    when require_numbers then 'Number required.'
    else 'Number not required.'
  end as reason
  , a.account_id as account_id
from
  alicloud_account as a
  left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;