检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the root user access key is available, this
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the root user access key is available, this
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
Rule Logic If an IAM user does not have an access key, the IAM user is compliant. If an IAM user is disabled, the IAM user is compliant. If an IAM user is in the enabled state, and its access key has been rotated within the specified period, this user is compliant.
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
IAM Policies Are in Use All IAM Roles Are in Use Login Protection Check IAM Agencies Contain Specified Policies The Admin User Group Only Contains the Root User IAM Users Do Not Have Directly Assigned Policies or Permissions Parent topic: Built-In Policies
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
If there is a blocked action for KMS in an IAM policy, this policy is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-policy-no-statements-with-admin-access iam If an IAM policy
For details, see Changing the Login Password of an IAM User. Rule Logic If an IAM user does not have a password configured, this user is compliant. If an IAM user is in the disabled state, this user is compliant.
Rule Logic If an IAM user is in the disabled state, this user is compliant. If an IAM user is not allowed to access the management console, this user is compliant. If an enabled IAM user who is allowed to access the management console has MFA enabled, this user is compliant.
this rule is noncompliant. 3.3 iam-user-group-membership-check iam If an IAM user is not in any of the specified IAM user groups, this user is noncompliant. 3.3 iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, this user
Rule Logic If an IAM user is the root user, this user is compliant. If an IAM user is disabled, this user is compliant. If a non-root IAM user in the enabled state was added to the admin user group, this user is noncompliant.
If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, the result is non-compliant. iam-user-mfa-enabled iam If multi-factor
Rule Logic If an IAM user is disabled, this user is compliant. If an IAM user is enabled and has MFA enabled, this user is compliant. If an IAM user is enabled, but does not have MFA enabled, this user is noncompliant. Parent topic: Identity and Access Management
", "description": "An IAM user is noncompliant if it does not belong to any IAM user group
For more details, see Adding Users to or Removing Users from a User Group Rule Logic If an IAM user group has no users, this user group is noncompliant. If an IAM user group has one or more users, this user group is compliant. Parent topic: Identity and Access Management
C.CS.FOUNDATION.G_1.R_13 Ensuring that only one active access key is available for an IAM user iam-user-single-access-key iam If multiple access keys are in the active state for an IAM user, this user is noncompliant.
If an IAM user group has no user, this user group is noncompliant. iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, this user is non-compliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this
CRY-01 iam-password-policy Set thresholds for IAM user password strength. IDM-09 iam-user-mfa-enabled Enable MFA for all IAM users to prevent account theft. IDM-09 mfa-enabled-for-iam-console-access Enable MFA for all IAM users who can access Huawei Cloud management console.
