Alibaba Cloud RAM password policy does not have a minimum of 14 characters
Description
This policy identifies Alibaba Cloud accounts that do not have a minimum of 14 characters in the password policy. As a security best practice, configure a strong password policy for secure access to the Alibaba Cloud console.
Code Example
go
resource "alicloud_ram_account_password_policy" "example" {
...
+ minimum_password_length = 15
}Remediation
Terraform
- Resource: alicloud_ram_account_password_policy
- Arguments: minimum_password_length
To mitigate this issue, ensure the `minimum_password_length` attribute in the `alicloud_ram_account_password_policy` resource is set to 14 or higher.
Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0013 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_13 |