Conformance Package for Identity and Access Management
The following table lists the compliance rules and solutions included in the conformance package dedicated to Identity and Access Management.
Rule |
Cloud Service |
Description |
---|---|---|
access-keys-rotated |
iam |
If there is an AK/SK pair that has been used for a time longer than the specified time range, the result is noncompliant. |
iam-group-has-users-check |
iam |
If an IAM user group has no user, this user group is noncompliant. |
iam-password-policy |
iam |
If there is a user whose password does not meet the password complexity requirements, the result is noncompliant. |
iam-root-access-key-check |
iam |
If the root access key is available, the result is noncompliant. |
iam-user-console-and-api-access-at-creation |
iam |
If there is a user who has a console password and whose AK/SK pair is created when this user is created, the result is noncompliant. |
iam-user-group-membership-check |
iam |
If an IAM user is not added to any IAM user groups, this user is noncompliant. |
iam-user-last-login-check |
iam |
If an IAM user does not log in to the system within the specified time range, the result is non-compliant. |
iam-user-mfa-enabled |
iam |
If multi-factor authentication is not enabled for an IAM user, this user is noncompliant. |
iam-user-single-access-key |
iam |
If multiple access keys are in the active state for an IAM user, this user is noncompliant. |
mfa-enabled-for-iam-console-access |
iam |
If MFA is not enabled for an IAM user who has a console password, this IAM user is noncompliant. |
root-account-mfa-enabled |
iam |
If multi-factor authentication is not enabled for the root user, the root user is noncompliant. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot