Control: 1.7 Ensure RAM password policy requires at least one uppercase letter

Description

RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one uppercase letter.

Remediation

Perform the following to set the password policy as expected:

Using the management console:

Logon to RAM console.
Choose Settings.
In the Password section, click Modify.
In the Charset section, select Upper case.
Click OK.

Using the CLI:

aliyun ram SetPasswordPolicy --RequireUppercaseCharacters true

Default Value:

The default password policy does not enforce any charset in a password.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_1_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_1_7 --share

SQL

This control uses a named query:

select
  'acs:ram::' || a.account_id as resource,
  case
    when require_uppercase_characters then 'ok'
    else 'alarm'
  end as status,
  case
    when minimum_password_length is null then 'No password policy set.'
    when require_uppercase_characters then 'Uppercase character required.'
    else 'Uppercase character not required.'
  end as reason
  , a.account_id as account_id
from
  alicloud_account as a
  left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;