Alibaba CloudOverview
RAM password policies can be used to ensure password complexity. It is recommended that the password policy requires at least one number.
Rationale
Enhancing complexity of a password policy increases account resiliency against brute force logon attempts.
Default Value
The default password policy does not enforce any element in a password.
Remediation guidance
Console
- Open the security settings using the "Open in Alibaba" menu option
- In the Password Strength Settings section, click Edit.
- In the Required Elements in Password section, enable Numbers and click OK
CLI
aliyun ram SetPasswordPolicy --RequireNumbers true
Service-wide remediation
Recommended when many resources are affected: fix the platform baseline first so new resources inherit the secure setting, then remediate the existing flagged resources in batches.
Alibaba Cloud
Use Resource Directory guardrails, account baselines, and IaC modules so the secure setting is applied consistently across environments.
Operational rollout
- Fix the baseline first at the account, subscription, project, cluster, or tenant scope that owns this control.
- Remediate the currently affected resources in batches, starting with internet-exposed and production assets.
- Re-scan and track approved exceptions with an owner and expiry date.
Query logic
These are the stored checks tied to this control.
RAM password policy requires at least one number
Connectors
Alibaba Cloud
Covered asset types
IAMPasswordPolicy
Expected check: eq []
iamPasswordPolicies( where: { requireNumbers: false}) {...AssetFragment}
