Best practice rules for Alibaba Cloud RAM
- Configure Password Retry Constraint Policy for RAM Users
Ensure that the RAM user password policy is configured to limit the number of login attempts.
- Disable Console Access for RAM Users Inactive for 90 days
Ensure that console access is disabled for inactive Resource Access Management (RAM) users.
- Enable MFA for Root Account
Ensure that Multi-Factor Authentication (MFA) is enabled for your Alibaba Cloud account.
- Ensure RAM User has no attached policies
Ensure that RAM users have no attached policies and receive their access permissions only via RAM groups.
- Ensure RAM password policy requires at least one number
Ensure that the RAM password policy requires at least one number.
- Ensure RAM password policy requires at least one uppercase letter
Ensure that the RAM password policy requires at least one uppercase letter.
- Ensure RAM password policy requires minimum length of 14 or greater
Ensure that the RAM password policy requires a minimum of 14 characters for passwords.
- MFA For RAM Users With Console Password
Ensure that Multi-Factor Authentication (MFA) is enabled for all RAM users with console access.
- RAM Password Policy Enforces Password Expiration
Ensure that the password policy enforces password expiration within 90 days or less.
- RAM Password Policy Prevents Password Reuse
Ensure that the RAM user password policy prevents password reuse.
- RAM Password Policy Requires at Least One Symbol
Ensure that the RAM password policy requires at least one symbol.
- RAM Password Policy with at Least One Lowercase Letter
Ensure that the RAM password policy requires at least one lowercase letter.
- RAM Policies With Full Administrative Privileges
Ensure that RAM policies with full "*:*" administrative privileges are not created.
- RAM User Access Keys Rotation
Ensure that RAM user access keys are rotated on a periodic basis to follow security best practices.
- Root Account Access Keys Existence
As a security best practice, ensure that your Alibaba Cloud root account is not using access keys.
- Root Account Usage
Ensure that your Alibaba Cloud root account usage is minimized.