IAM password policies should require at least one uppercase character

Description

IAM password policies enforce password complexity requirements. Setting a password complexity policy that requires at least one uppercase letter increases account resiliency against brute-force login attempts.

Remediation Steps

AWS Console

  • Navigate to IAM.

  • In the left navigation, select Account settings.

  • Check the Require at least one uppercase letter checkbox.

  • Click the Apply password policy button.

AWS CLI

  • Set password policy to require at least one uppercase character.

  • This operation does not support partial updates. No parameters are required, but any parameter you do not specify reverts to its default value, so include every other setting you want to keep in the same command.

    • aws iam update-account-password-policy <other password options> --require-uppercase-characters
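
The partial-update caveat above, as an added example that is not part of the original page: it reads the current policy with aws iam get-account-password-policy and rebuilds the full flag list, so that enabling the uppercase requirement does not reset the other settings. The function names and the --apply switch are hypothetical, and the script assumes that --output text prints booleans as True/False and unset fields as None.

```shell
#!/bin/sh
# Added example: preserve the existing password policy while enabling uppercase.
# Fields are requested in this order; --output text prints them on one line.
QUERY='PasswordPolicy.[MinimumPasswordLength,RequireSymbols,RequireNumbers,RequireLowercaseCharacters,AllowUsersToChangePassword,HardExpiry,MaxPasswordAge,PasswordReusePrevention]'

# Boolean field: emit --flag for True, --no-flag for anything else (False/None).
bool_flag() {
  if [ "$2" = "True" ]; then printf ' --%s' "$1"; else printf ' --no-%s' "$1"; fi
}

# Numeric field: omit when unset (None) or 0; reject non-numeric input.
num_flag() {
  case "$2" in
    None|0|'') ;;
    *[!0-9]*) return 1 ;;
    *) printf ' --%s %s' "$1" "$2" ;;
  esac
}

# $1: one whitespace-separated line of values in QUERY order.
# Prints the complete flag list; returns non-zero on malformed input.
build_policy_args() {
  set -- $1
  [ "$#" -eq 8 ] || return 1
  printf '%s' '--require-uppercase-characters' &&
  num_flag  minimum-password-length        "$1" &&
  bool_flag require-symbols                "$2" &&
  bool_flag require-numbers                "$3" &&
  bool_flag require-lowercase-characters   "$4" &&
  bool_flag allow-users-to-change-password "$5" &&
  bool_flag hard-expiry                    "$6" &&
  num_flag  max-password-age               "$7" &&
  num_flag  password-reuse-prevention      "$8"
}

# Hypothetical --apply switch: fetch the current policy, then re-apply all of it.
if [ "${1:-}" = "--apply" ]; then
  current=$(aws iam get-account-password-policy --query "$QUERY" --output text) || exit 1
  args=$(build_policy_args "$current") || exit 1
  aws iam update-account-password-policy $args   # word splitting is intentional
fi
```

If the account has no password policy yet, the get call fails and the script stops without changing anything.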

Terraform

Example Configuration

resource "aws_iam_account_password_policy" "example" {
  require_uppercase_characters = true
  # other password policy settings here
}