OCI IAM password policy for local (non-federated) users does not have a symbol
Description
This policy identifies Oracle Cloud Infrastructure (OCI) accounts whose password policy for local (non-federated) users does not require a symbol (special character). As a security best practice, configure a strong password policy for secure access to the OCI console.
Code Example
```hcl
resource "oci_identity_authentication_policy" "pass" {
  compartment_id = var.tenancy_id
  password_policy {
    # ...
    is_special_characters_required = true
    # ...
  }
}
```
Remediation
- OCI Console
1. Log in to the OCI Console page: https://console.ap-mumbai-1.oraclecloud.com/
2. Go to Identity in the Services menu.
3. Select Authentication Settings from the Identity menu.
4. Click Edit Authentication Settings in the middle of the page.
5. Ensure the checkbox next to MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER is selected.

Note: The console URL is region specific; your tenancy might have a different home region and therefore a different console URL.

Fix - Buildtime
Terraform
- Resource: oci_identity_authentication_policy
- Arguments: password_policy.is_special_characters_required
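As an added example (not Checkov's or Prisma Cloud's own code), the following script performs a CKV_OCI_13-style check over the JSON that `terraform show -json tfplan` produces, flagging every `oci_identity_authentication_policy` whose `password_policy` block does not set `is_special_characters_required = true`. It assumes the standard plan layout (`resource_changes[].change.after`, nested blocks rendered as lists of objects); the sample plan embedded at the bottom is constructed for the demonstration.

```python
"""Added example (not Checkov's code): a CKV_OCI_13-style check over a
`terraform show -json tfplan` file. Assumed plan layout: resource_changes[]
.change.after, with nested blocks rendered as lists of objects."""
import json
import sys

RESOURCE_TYPE = "oci_identity_authentication_policy"
ARGUMENT = "is_special_characters_required"


def failing_policies(plan):
    """Return addresses of authentication policies that fail the check.

    A resource fails when it has no password_policy block, or when the block
    omits the argument or sets it to anything other than true. Resources
    being destroyed are skipped; unknown-until-apply values are not in
    `after`, so they fail closed.
    """
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue
        after = change.get("after") or {}
        blocks = after.get("password_policy") or []
        if not any(b.get(ARGUMENT) is True for b in blocks):
            failing.append(rc.get("address", "<unknown>"))
    return failing


# Constructed sample plan (placeholder OCIDs): one compliant, one non-compliant.
SAMPLE_PLAN = {"resource_changes": [
    {"address": RESOURCE_TYPE + ".pass", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {
         "compartment_id": "ocid1.tenancy.oc1..EXAMPLE",
         "password_policy": [{ARGUMENT: True}]}}},
    {"address": RESOURCE_TYPE + ".fail", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {
         "compartment_id": "ocid1.tenancy.oc1..EXAMPLE",
         "password_policy": [{ARGUMENT: False}]}}},
]}

if __name__ == "__main__":
    # Usage: python check_oci_pw.py plan.json   (no argument: run on the sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in failing_policies(plan):
        print("FAILED CKV_OCI_13:", address)
```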
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1240 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_13 |