Alibaba CloudOverview
No overview is available for this entry yet.
Remediation guidance
Remediation
Alibaba Cloud Console (Asset-Level)
- Open the affected asset from the finding details.
- Go to the related Alibaba Cloud service console (RAM, ActionTrail, VPC, OSS, RDS, ACK, KMS, or Security Center).
- Apply the secure setting required by this control (for example: disable public access, tighten policy, enable logging, enforce encryption, or enable deletion protection).
- Save changes and verify the resource is now compliant.
Alibaba Cloud CLI (Asset-Level)
- Configure CLI credentials:
aliyun configure
- Identify the affected resource and service using a Describe/List command, then apply the corresponding Modify/Update command for that service.
Common starting commands:
aliyun ecs DescribeInstances --RegionId <region-id>
aliyun rds DescribeDBInstances --RegionId <region-id>
aliyun ram ListUsers
aliyun vpc DescribeVpcs --RegionId <region-id>
aliyun oss ls oss://<bucket-name>
Validation
- Re-run the control and confirm findings are cleared.
- If an exception is required, document owner, reason, and expiration date.
Multiple Remediation Paths
SERVICE-WIDE (RECOMMENDED when many resources are affected): Apply organization/tenant-level guardrails and baseline policies for the entire platform.
ASSET-LEVEL: Fix only the affected resources identified by this control.
PREVENTIVE: Add preventive policy checks to CI/CD and periodic posture scans.
References for Service-Wide Patterns
- Platform policy/governance and preventive control patterns should be applied tenant-wide where supported.
Query logic
These are the stored checks tied to this control.
RAM password policy prevents password reuse
Connectors
Alibaba Cloud
Covered asset types
IAMPasswordPolicy
Expected check: eq []
iamPasswordPolicies( where: { passwordReusePrevention_NOT: 24 }) {...AssetFragment}
