Overview
RAM password policies can be used to enforce password complexity. It is recommended that the password policy require at least one lowercase letter.
Rationale
Increasing the complexity required by the password policy makes accounts more resilient to brute-force logon attempts.
Default Value
The default password policy does not enforce any element in a password.
Remediation guidance
Console
- Open the security settings using the "Open in Alibaba" menu option.
- In the Password Strength Settings section, click Edit.
- In the Required Elements in Password section, enable Lowercase Letters and click OK.
CLI
aliyun ram SetPasswordPolicy --RequireLowercaseCharacters true
Multiple Remediation Paths
SERVICE-WIDE (RECOMMENDED when many resources are affected): Apply organization/tenant-level guardrails and baseline policies for the entire platform.
ASSET-LEVEL: Fix only the affected resources identified by this control.
PREVENTIVE: Add preventive policy checks to CI/CD and periodic posture scans.
References for Service-Wide Patterns
- Platform policy/governance and preventive control patterns should be applied tenant-wide where supported.
Query logic
These are the stored checks tied to this control.
RAM password policy requires at least one lowercase letter
Connectors
Covered asset types
Expected check: eq []
iamPasswordPolicies( where: { requireLowercaseCharacters: false}) {...AssetFragment}
Alibaba Cloud
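For the PREVENTIVE path, the stored check above (no policy may match requireLowercaseCharacters: false) can be reproduced as a CI gate over the output of aliyun ram GetPasswordPolicy. This is an added example, not part of the original control or of any vendor tooling; the function name, the sample responses and the assumed response shape (a top-level PasswordPolicy object) are assumptions made for illustration.

```python
import json
import sys

# Constructed sample responses, in the shape assumed for `aliyun ram GetPasswordPolicy`.
SAMPLE_DEFAULT = ('{"PasswordPolicy": {"MinimumPasswordLength": 8, '
                  '"RequireLowercaseCharacters": false}, "RequestId": "constructed-1"}')
SAMPLE_FIXED = ('{"PasswordPolicy": {"MinimumPasswordLength": 8, '
                '"RequireLowercaseCharacters": true}, "RequestId": "constructed-2"}')


def failing_policies(raw_json):
    """Return the policies that violate the control; an empty list means pass.

    Mirrors the stored check: the set of policies with
    requireLowercaseCharacters == false is expected to equal [].
    """
    try:
        doc = json.loads(raw_json)
    except (TypeError, ValueError):
        # An unreadable response must not be reported as compliant.
        return [{"error": "unparseable response"}]
    policy = doc.get("PasswordPolicy") if isinstance(doc, dict) else None
    if not isinstance(policy, dict):
        return [{"error": "no PasswordPolicy object in response"}]
    # Fail closed: only a literal JSON true passes. A missing key, null,
    # or a string such as "true" is treated as not enforced.
    if policy.get("RequireLowercaseCharacters") is True:
        return []
    return [policy]


def main():
    # Intended use: aliyun ram GetPasswordPolicy | python check_lowercase.py
    findings = failing_policies(sys.stdin.read())
    for finding in findings:
        print("FAIL:", json.dumps(finding, sort_keys=True), file=sys.stderr)
    return 1 if findings else 0  # non-zero exit fails the pipeline step


if __name__ == "__main__":
    sys.exit(main())
```

The script exits non-zero when the setting is off or cannot be confirmed, so a failed or empty CLI call blocks the pipeline instead of passing silently.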