IAM password policies should require at least one uppercase character

Description

IAM password policies enforce password complexity requirements. A policy that requires at least one uppercase letter increases account resiliency against brute-force login attempts.

Console Remediation Steps

  • Navigate to IAM.

  • In the left navigation, select Account settings.

  • Check the Require at least one uppercase letter checkbox.

  • Click the Apply password policy button.

CLI Remediation Steps

  • Rotate access keys with the AWS CLI:

    • aws iam create-access-key

    • aws iam get-access-key-last-used

    • aws iam update-access-key

  • Validate that the new access key is working and then delete the old key.

    • aws iam delete-access-key
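
For the password policy setting this page covers, the AWS CLI command is aws iam update-account-password-policy. It replaces the whole policy, so any option not passed reverts to its default. The example below is added here and is not part of the original page: it builds the full argument list from the output of aws iam get-account-password-policy so existing settings are kept while the uppercase requirement is turned on. The function name and the sample policy are constructed for illustration.

```python
import json
import shlex

# PasswordPolicy fields from `aws iam get-account-password-policy` mapped to the
# matching `aws iam update-account-password-policy` options.
BOOLEAN_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
VALUE_FLAGS = {
    "MinimumPasswordLength": "minimum-password-length",
    "MaxPasswordAge": "max-password-age",
    "PasswordReusePrevention": "password-reuse-prevention",
}


def build_update_command(get_policy_json):
    """Return argv that keeps the current policy and turns on the uppercase rule."""
    policy = dict(json.loads(get_policy_json)["PasswordPolicy"])
    policy["RequireUppercaseCharacters"] = True  # the control on this page
    argv = ["aws", "iam", "update-account-password-policy"]
    for field, flag in BOOLEAN_FLAGS.items():
        if field in policy:
            argv.append(("--" if policy[field] else "--no-") + flag)
    for field, flag in VALUE_FLAGS.items():
        if field in policy:  # absent means "not set"; leave it at the default
            argv += ["--" + flag, str(policy[field])]
    return argv


# Constructed sample of `aws iam get-account-password-policy` output.
SAMPLE = """{"PasswordPolicy": {"MinimumPasswordLength": 14,
  "RequireSymbols": true, "RequireNumbers": true,
  "RequireUppercaseCharacters": false, "RequireLowercaseCharacters": true,
  "AllowUsersToChangePassword": true, "ExpirePasswords": true,
  "MaxPasswordAge": 90, "PasswordReusePrevention": 24, "HardExpiry": false}}"""

if __name__ == "__main__":
    print(shlex.join(build_update_command(SAMPLE)))
```

Run aws iam get-account-password-policy again after applying the printed command to confirm that RequireUppercaseCharacters is true and the other values are unchanged.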