Alibaba Cloud RAM password policy maximal login attempts is more than 4
Description
This policy ensures that the maximum login attempts in the RAM (Resource Access Management) account password policy are set to no more than 5. Limiting login attempts helps protect accounts from brute-force attacks and unauthorized access attempts. It enforces stricter security controls, ensuring better protection for sensitive resources.
Failing to limit the maximum login attempts can increase the risk of successful brute-force attacks, potentially leading to account compromise.
Code Example
```diff
resource "alicloud_ram_account_password_policy" "example" {
...
- max_login_attempts = 7
+ max_login_attempts = 3
}
```
Remediation
Terraform
- Resource: alicloud_ram_account_password_policy
- Arguments: max_login_attempts
To mitigate this issue, ensure the `max_login_attempts` attribute in the `alicloud_ram_account_password_policy` resource is set to a value no greater than 5.
Example:
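One way to enforce this rule on the JSON form of a Terraform plan (`terraform show -json`), as an added example that is not part of the original page or of Checkov. The sample plan, its module names and the choice to report an unset value are assumptions of this example.

```python
import json

RESOURCE_TYPE = "alicloud_ram_account_password_policy"
MAX_ALLOWED = 5  # upper bound stated in the rule description


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return (address, reason) for each RAM password policy that fails the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        value = (res.get("values") or {}).get("max_login_attempts")
        # Assumption of this example: an absent or unknown value is reported too.
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append((res["address"], "max_login_attempts not set to a known integer"))
        elif value > MAX_ALLOWED:
            findings.append((res["address"], f"max_login_attempts = {value}, limit is {MAX_ALLOWED}"))
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "alicloud_ram_account_password_policy.example",
     "type": "alicloud_ram_account_password_policy",
     "values": {"max_login_attempts": 7}},
    {"address": "alicloud_ram_user.ops", "type": "alicloud_ram_user",
     "values": {"name": "ops"}}],
  "child_modules": [
    {"address": "module.prod", "resources": [
      {"address": "module.prod.alicloud_ram_account_password_policy.this",
       "type": "alicloud_ram_account_password_policy",
       "values": {"max_login_attempts": 3}}]},
    {"address": "module.dev", "resources": [
      {"address": "module.dev.alicloud_ram_account_password_policy.this",
       "type": "alicloud_ram_account_password_policy",
       "values": {"max_login_attempts": null}}]}]}}}
""")

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

Checking the plan rather than the `.tf` source means values supplied through variables or modules are evaluated as they will be applied.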
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0023 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_23 |