RAM account password policy does not enforce minimum password length

This product is not supported for your selected Datadog site. ().

Metadata

Id: a9dfec39-a740-4105-bbd6-721ba163c053

Cloud Provider: Alicloud

Platform: Terraform

Severity: Low

Category: Secret Management

Learn More

Description

The RAM account password policy must define minimum_password_length and set it to 14 or greater. If the attribute is missing, the policy is non-compliant and should include minimum_password_length = 14. This rule reports IncorrectValue when the attribute is defined but below 14, and MissingAttribute when it is not defined.

Compliant Code Examples

resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 14
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 14
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}

Non-Compliant Code Examples

resource "alicloud_ram_account_password_policy" "corporate" {
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}

resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}