Alibaba Cloud RAM password policy does not expire in 90 days

Description

This policy identifies Alibaba Cloud accounts for which do not have password expiration set to 90 days or less. As a best practice, change your password every 90 days or sooner to ensure secure access to the Alibaba Cloud console.

Code Example

resource "alicloud_ram_account_password_policy" "example" {
  ...
-  max_password_age             = 180
+  max_password_age             = 45
}

Remediation

Terraform

Resource: alicloud_ram_account_password_policy
Arguments: max_password_age

To mitigate this issue, ensure the `max_password_age` attribute in the `alicloud_ram_account_password_policy` resource is set to a value between 1 and 90.

Example:

Rule Details

Field	Value
ID	IAC-0016
Severity	INFO
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_ALI_16

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RAM password policy does not expire in 90 days

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RAM password policy does not expire in 90 days ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Alibaba Cloud RAM password policy does not expire in 90 days

Description

Code Example

Remediation

Rule Details

References