IAM password policies should prevent reuse of the four previously used passwords
Description
IAM password policies should prevent users from reusing any of their previous 4 passwords. Preventing password reuse increases account resiliency against brute force login attempts.
Remediation Steps
AWS Console
Navigate to Identity and Access Management.
In the left navigation, select Account Settings.
Check Prevent password reuse.
In Number of passwords to remember, enter 4.
Click Apply password policy.
AWS CLI
Set the number of passwords to remember to 4.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --password-reuse-prevention 4
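Because the update replaces the whole policy, one way to fill in <other password options> is to read the current policy and restate every setting it contains. The Python script below is an added example, not part of the original page or of AWS tooling; the names build_update_command and SAMPLE are made up for it, the sample policy is constructed, and it only prints the command for review rather than running it.

```python
import json
import shlex
import sys

# Keys of `aws iam get-account-password-policy` output -> CLI flag stems.
INT_FLAGS = {
    "MinimumPasswordLength": "minimum-password-length",
    "MaxPasswordAge": "max-password-age",
}
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}

# Constructed sample of the current policy (not taken from a real account).
SAMPLE = {"PasswordPolicy": {
    "MinimumPasswordLength": 14, "RequireSymbols": True,
    "RequireNumbers": True, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "AllowUsersToChangePassword": False,
    "ExpirePasswords": True, "MaxPasswordAge": 90,
}}


def build_update_command(current, reuse_prevention=4):
    """Return argv that restates every current setting and sets reuse prevention."""
    policy = current["PasswordPolicy"]
    argv = ["aws", "iam", "update-account-password-policy"]
    for key, flag in INT_FLAGS.items():
        if key in policy:  # a key absent from the output is not set, so no flag
            argv += [f"--{flag}", str(policy[key])]
    for key, flag in BOOL_FLAGS.items():
        if key in policy:
            argv.append(f"--{flag}" if policy[key] else f"--no-{flag}")
    # ExpirePasswords is output-only (derived from MaxPasswordAge), so no flag.
    # Choice made for this example: never lower a stricter value already set.
    remembered = max(policy.get("PasswordReusePrevention", 0), reuse_prevention)
    return argv + ["--password-reuse-prevention", str(remembered)]


if __name__ == "__main__":
    # Usage: aws iam get-account-password-policy | python3 this_script.py
    current = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print(shlex.join(build_update_command(current)))
```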
Terraform
Ensure that the aws_iam_account_password_policy has a password_reuse_prevention field set to “4”.
Example Configuration
resource "aws_iam_account_password_policy" "example" {
  password_reuse_prevention = 4
  # other required fields here
}