IAM password policies should prevent reuse of previously used passwords
Description
IAM password policies can prevent the reuse of a given password by the same user. Preventing password reuse increases account resiliency against brute force login attempts.
Remediation Steps
AWS Console
Navigate to IAM Account Settings.
Select Change password policy.
Check the Prevent password reuse checkbox.
In the Remember password(s) field, enter 24.
Click the Save changes button.
AWS CLI
Set number of passwords to remember to the highest possible value.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --password-reuse-prevention 24
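Because the update call replaces the whole policy, a safe remediation reads the current settings first and sends them back together with the new reuse value. The sketch below is an added example, not part of the original page; it uses boto3, and the names build_update_args, remediate and SAMPLE are hypothetical.

```python
"""Raise PasswordReusePrevention to 24 without resetting the rest of the policy."""

# Parameters accepted by UpdateAccountPasswordPolicy. ExpirePasswords is returned
# by GetAccountPasswordPolicy but is read-only, so it is deliberately not listed.
UPDATABLE = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge", "HardExpiry",
)
REUSE_TARGET = 24  # value the page recommends


def build_update_args(current_policy):
    """Return kwargs for update_account_password_policy from the current policy dict."""
    current_policy = current_policy or {}  # None means no policy has been set yet
    # Carry over every setting already in place, because any parameter left out
    # of the update call reverts to its default.
    args = {k: current_policy[k] for k in UPDATABLE if current_policy.get(k) is not None}
    if args.get("MaxPasswordAge") == 0:
        del args["MaxPasswordAge"]  # 0 is the default (no expiry); omitting is equivalent
    args["PasswordReusePrevention"] = REUSE_TARGET
    return args


def remediate():
    """Read the live policy and re-apply it with reuse prevention set to 24."""
    import boto3  # imported here so build_update_args can be used offline

    iam = boto3.client("iam")
    try:
        current = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        current = None  # the account has no custom password policy
    args = build_update_args(current)
    iam.update_account_password_policy(**args)
    return args


# Constructed sample of the PasswordPolicy body from GetAccountPasswordPolicy.
SAMPLE = {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 5, "HardExpiry": False,
}

if __name__ == "__main__":
    print(build_update_args(SAMPLE))
```

Running the file prints the arguments that would be sent for the constructed sample; calling remediate() applies them to the account the active credentials belong to.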
Terraform
Ensure that the aws_iam_account_password_policy has a password_reuse_prevention field set to “24” or greater.
Example Configuration
resource "aws_iam_account_password_policy" "example" {
  password_reuse_prevention = 24
  # other required fields here
}