检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the account root user has an available access
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
Rule Logic If an IAM user does not have an access key, the IAM user is compliant. If an IAM user is disabled, the IAM user is compliant. If an IAM user is in the enabled state, and its access key has been rotated within the specified period, this user is compliant.
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
If there is a blocked action for KMS in an IAM policy, this policy is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-policy-no-statements-with-admin-access iam If an IAM policy
For details, see Changing the Login Password of an IAM User. Rule Logic If an IAM user does not have a password configured, this user is compliant. If an IAM user is in the disabled state, this user is compliant.
All IAM Policies Are in Use All IAM Roles Are in Use Login Protection Check IAM Agencies Contain Specified Policies The Admin User Group Only Contains the Root User IAM Users Do Not Have Directly Assigned Policies or Permissions Access Key Used Within the Specified Period Parent
this rule is noncompliant. 3.3 iam-user-group-membership-check iam If an IAM user is not in any of the specified IAM user groups, this user is noncompliant. 3.3 iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, this user
Rule Logic If an IAM user is in the disabled state, this user is compliant. If an IAM user is not allowed to access the management console, this user is compliant. If an enabled IAM user who is allowed to access the management console has MFA enabled, this user is compliant.
Rule Logic If an IAM user is the root user, this user is compliant. If an IAM user is disabled, this user is compliant. If a non-root IAM user in the enabled state was added to the admin user group, this user is noncompliant.
If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, the result is non-compliant. iam-user-mfa-enabled iam If multi-factor
", "description": "An IAM user is noncompliant if it does not belong to any IAM user group
Rule Logic If an IAM user does not have an access key, the check result is compliant. If the access key of an IAM user has been used within the specified period, the check result is compliant.
C.CS.FOUNDATION.G_1.R_12 Avoiding setting access keys for users with console passwords when setting initial iam users iam-user-console-and-api-access-at-creation iam If an IAM user can access the Huawei Cloud console and has AK/SK that was created when the IAM user was created, this
Rule Logic If an IAM user is disabled, this user is compliant. If an IAM user is enabled and has MFA enabled, this user is compliant. If an IAM user is enabled, but does not have MFA enabled, this user is noncompliant. Parent topic: Identity and Access Management
For more details, see Adding Users to or Removing Users from a User Group Rule Logic If an IAM user group has no users, this user group is noncompliant. If an IAM user group has one or more users, this user group is compliant. Parent topic: Identity and Access Management
If an IAM user group has no user, this user group is noncompliant. iam-user-last-login-check iam If an IAM user does not log in to the system within the specified time range, this user is non-compliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this
CRY-01 iam-password-policy Set thresholds for IAM user password strength. IDM-09 iam-user-mfa-enabled Enable MFA for all IAM users to prevent account theft. IDM-09 mfa-enabled-for-iam-console-access Enable MFA for all IAM users who can access Huawei Cloud management console.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
