Template name
ACS-RAM-SetPasswordPolicy
Template description
Calls the SetPasswordPolicy operation to configure a password strength policy for RAM users.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
minimumPasswordLength | The minimum password length. | Number | No | 8 | |
requireLowercaseCharacters | Specifies whether the password must contain lowercase letters. | Boolean | No | False | |
requireUppercaseCharacters | Specifies whether the password must contain uppercase letters. | Boolean | No | False | |
requireNumbers | Specifies whether the password must contain digits. | Boolean | No | False | |
requireSymbols | Specifies whether the password must contain special characters. | Boolean | No | False | |
hardExpire | Specifies whether to disable logon after a password expires. | Boolean | No | False | |
maxLoginAttemps | The maximum number of password retries. | Number | No | 0 | |
passwordReusePrevention | The historical password check policy. | Number | No | 0 | |
maxPasswordAge | The password validity period. | Number | No | 0 | |
minimumPasswordDifferentCharacter | The minimum number of different characters in a password. | Number | No | 0 | |
passwordNotContainUserName | Specifies whether to exclude the user name from the password. | Boolean | No | False | |
OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ram:SetPasswordPolicy"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
Template content
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS-RAM-SetPasswordPolicy
en: Call SetPasswordPolicy to set the RAM user password strength policy
categories:
- security
Parameters:
minimumPasswordLength:
Label:
en: MinimumPasswordLength
Type: Number
Default: 8
requireLowercaseCharacters:
Label:
en: RequireLowercaseCharacters
Type: Boolean
Default: false
requireUppercaseCharacters:
Label:
en: RequireUppercaseCharacters
Type: Boolean
Default: false
requireNumbers:
Label:
en: RequireNumbers
Type: Boolean
Default: false
requireSymbols:
Label:
en: RequireSymbols
Type: Boolean
Default: false
hardExpire:
Label:
en: HardExpire
Type: Boolean
Default: false
maxLoginAttemps:
Label:
en: MaxLoginAttemps
Type: Number
Default: 0
passwordReusePrevention:
Label:
en: PasswordReusePrevention
Type: Number
Default: 0
maxPasswordAge:
Label:
en: MaxPasswordAge
Type: Number
Default: 0
minimumPasswordDifferentCharacter:
Label:
en: MinimumPasswordDifferentCharacter
Type: Number
Default: 0
passwordNotContainUserName:
Label:
en: PasswordNotContainUserName
Type: Boolean
Default: false
OOSAssumeRole:
Label:
en: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: SetPasswordPolicy
Action: 'ACS::ExecuteApi'
Description:
en: Call SetPasswordPolicy to set the RAM user password strength policy
Properties:
Service: RAM
API: SetPasswordPolicy
Parameters:
MinimumPasswordLength: '{{ minimumPasswordLength }}'
RequireLowercaseCharacters: '{{ requireLowercaseCharacters }}'
RequireUppercaseCharacters: '{{ requireUppercaseCharacters }}'
RequireNumbers: '{{ requireNumbers }}'
RequireSymbols: '{{ requireSymbols }}'
HardExpiry: '{{ hardExpire }}'
MaxLoginAttemps: '{{ maxLoginAttemps }}'
PasswordReusePrevention: '{{ passwordReusePrevention }}'
MaxPasswordAge: '{{ maxPasswordAge }}'