Alibaba CloudOverview
RAM password policies can be used to ensure password complexity. It is recommended that the password policy require a minimum of 14 or greater characters for any password.
Rationale
Enhancing complexity of a password policy increases account resiliency against brute force logon attempts.
Default Value
The default password policy requires a minimum of 8 characters for a password.
Remediation guidance
Console
- Open the security settings using the "Open in Alibaba" menu option
- In the Password Strength Settings section, click Edit.
- In the Password Length field, enter 14 or a greater number and click OK
CLI
aliyun ram SetPasswordPolicy --MinimumPasswordLength 14
Service-wide remediation
Recommended when many resources are affected: fix the platform baseline first so new resources inherit the secure setting, then remediate the existing flagged resources in batches.
Alibaba Cloud
Use Resource Directory guardrails, account baselines, and IaC modules so the secure setting is applied consistently across environments.
Operational rollout
- Fix the baseline first at the account, subscription, project, cluster, or tenant scope that owns this control.
- Remediate the currently affected resources in batches, starting with internet-exposed and production assets.
- Re-scan and track approved exceptions with an owner and expiry date.
Query logic
These are the stored checks tied to this control.
RAM password policy requires a minimum length of 14 or greater
Connectors
Covered asset types
Expected check: eq []
iamPasswordPolicies( where: { minimumPasswordLength_LT: 14}) {...AssetFragment}
