IAM password policies should require at least one symbol
Description
IAM password policies are used to enforce password complexity requirements. Setting a password complexity policy that requires at least one symbol increases account resiliency against brute force login attempts.
Remediation Steps
AWS Console
Navigate to IAM.
In the left navigation, select Account settings.
Check the Require at least one non-alphanumeric character checkbox.
Click the Apply password policy button.
AWS CLI
Set password policy to require at least one symbol.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --require-symbols
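Because the update replaces the whole policy, a safe way to turn on the symbol requirement is to read the current policy and send it back with only that field changed. The following is an added example, not part of the original page: it uses the boto3 IAM calls get_account_password_policy and update_account_password_policy, while build_update, enforce_symbols and the sample policy are hypothetical names and constructed data.

```python
"""Enable RequireSymbols without resetting the rest of the IAM password policy."""

# Parameters accepted by UpdateAccountPasswordPolicy. ExpirePasswords is
# returned by GetAccountPasswordPolicy but is read-only, so it is not listed.
UPDATABLE = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)
# Absent or 0 means "not set" for these two; they are left out of the update.
OPTIONAL_INTS = ("MaxPasswordAge", "PasswordReusePrevention")


def build_update(current):
    """Return update kwargs that keep current settings and require a symbol."""
    kwargs = {
        key: current[key]
        for key in UPDATABLE
        if key in current and not (key in OPTIONAL_INTS and not current[key])
    }
    kwargs["RequireSymbols"] = True
    return kwargs


def enforce_symbols(iam):
    """Read the live policy via a boto3 IAM client and re-apply it with symbols required."""
    try:
        current = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        current = {}  # no custom policy exists yet; all other fields take defaults
    kwargs = build_update(current)
    iam.update_account_password_policy(**kwargs)
    return kwargs


if __name__ == "__main__":
    # Constructed sample of a GetAccountPasswordPolicy result (not real account data).
    sample = {
        "MinimumPasswordLength": 14, "RequireSymbols": False,
        "RequireNumbers": True, "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True, "AllowUsersToChangePassword": True,
        "ExpirePasswords": False, "PasswordReusePrevention": 24,
    }
    print(build_update(sample))
    # Against a real account (assumes boto3 and credentials are configured):
    #   import boto3; enforce_symbols(boto3.client("iam"))
```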
Terraform
Ensure that the aws_iam_account_password_policy has a require_symbols field set to “true”.
Example Configuration
resource "aws_iam_account_password_policy" "example" {
  require_symbols = true
  # other required fields here
}