Overview
RAM password policies can be used to enforce password complexity. It is recommended that the password policy require a minimum length of 14 or more characters for any password.
Rationale
Increasing the complexity required by the password policy makes accounts more resilient to brute-force logon attempts.
Default Value
The default password policy requires a minimum of 8 characters for a password.
Remediation guidance
Console
- Open the security settings using the "Open in Alibaba" menu option.
- In the Password Strength Settings section, click Edit.
- In the Password Length field, enter 14 or a greater number and click OK.
CLI
aliyun ram SetPasswordPolicy --MinimumPasswordLength 14
Multiple Remediation Paths
SERVICE-WIDE (RECOMMENDED when many resources are affected): Apply organization/tenant-level guardrails and baseline policies for the entire platform.
ASSET-LEVEL: Fix only the affected resources identified by this control.
PREVENTIVE: Add preventive policy checks to CI/CD and periodic posture scans.
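To confirm the CLI remediation above took effect, or to gate a pipeline as the PREVENTIVE path suggests, the check below reads the password policy and fails closed when the value is too low or cannot be read. It is an added example, not part of the original control text; it assumes the `aliyun ram GetPasswordPolicy` call and its `PasswordPolicy.MinimumPasswordLength` response field, and the function names and sample JSON are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-closed check of the RAM minimum password length.
# Function names and the sample JSON below are constructed for illustration.

REQUIRED_MIN_LENGTH=14   # threshold recommended by this control

# Read GetPasswordPolicy JSON on stdin; print MinimumPasswordLength if present.
extract_min_length() {
    sed -n 's/.*"MinimumPasswordLength"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# $1 = JSON text. Returns 0 = compliant, 1 = too short, 2 = value not readable.
check_policy_json() {
    len=$(printf '%s\n' "$1" | extract_min_length)
    if [ -z "$len" ]; then
        # An error body or changed format must not pass silently.
        echo "UNKNOWN: MinimumPasswordLength not found; treating as failure" >&2
        return 2
    fi
    if [ "$len" -lt "$REQUIRED_MIN_LENGTH" ]; then
        echo "FAIL: minimum length is $len, required >= $REQUIRED_MIN_LENGTH" >&2
        return 1
    fi
    echo "PASS: minimum length is $len"
}

# Constructed sample responses (not captured from a real account).
SAMPLE_DEFAULT='{"PasswordPolicy":{"MinimumPasswordLength":8,"RequireNumbers":false},"RequestId":"CONSTRUCTED-1"}'
SAMPLE_HARDENED='{
  "PasswordPolicy": {
    "MinimumPasswordLength": 14,
    "RequireNumbers": true
  },
  "RequestId": "CONSTRUCTED-2"
}'
SAMPLE_BROKEN='{"Code":"CONSTRUCTED-ERROR"}'

# Offline demo over the constructed samples.
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED" "$SAMPLE_BROKEN"; do
    check_policy_json "$sample" || echo "  -> exit status $?"
done

# Live use in a pipeline (assumes a configured aliyun CLI):
#   check_policy_json "$(aliyun ram GetPasswordPolicy)" || exit 1
```

The status 2 path matters in a pipeline: an expired credential or API error returns JSON without the field, and the gate should block rather than report compliance.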
References for Service-Wide Patterns
- Platform policy/governance and preventive control patterns should be applied tenant-wide where supported.
Query logic
These are the stored checks tied to this control.
RAM password policy requires a minimum length of 14 or greater
Connectors
Covered asset types
Expected check: eq []
iamPasswordPolicies( where: { minimumPasswordLength_LT: 14}) {...AssetFragment}
Alibaba Cloud