IAM password policies should require a minimum length of 14
Description
It is recommended that an enterprise’s password policy require a password length of at least 14 characters. Setting a password complexity policy increases account resiliency against brute-force login attempts.
Remediation Steps
AWS Console
Navigate to IAM Account Settings.
Select Change password policy.
In the Enforce minimum password length field, set it to 14 or greater.
Click the Save changes button.
AWS CLI
Set password policy to require a minimum of 14 characters.
This operation does not support partial updates. No parameters are required, but any parameter you omit reverts to its default value, so include every setting you want to keep in the same call.
aws iam update-account-password-policy <other password options> --minimum-password-length 14
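Because the call replaces the whole policy, one way to fill in `<other password options>` is to derive them from the policy currently in force. The following is an added example, not part of the original page: it turns the JSON printed by `aws iam get-account-password-policy` into the full update command. The function name and the sample policy are constructed for illustration.

```python
import json
import shlex

# Boolean settings: key in the get-account-password-policy output -> CLI flag stem.
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
# Integer settings other than the minimum length.
INT_FLAGS = {
    "MaxPasswordAge": "max-password-age",
    "PasswordReusePrevention": "password-reuse-prevention",
}
REQUIRED_MIN_LENGTH = 14


def build_update_command(get_policy_json: str) -> list[str]:
    """Return the argv for update-account-password-policy that keeps every
    current setting and raises the minimum length to at least 14."""
    current = json.loads(get_policy_json).get("PasswordPolicy", {})
    # Never lower a minimum that is already stricter than 14.
    length = max(int(current.get("MinimumPasswordLength", 0)), REQUIRED_MIN_LENGTH)
    argv = ["aws", "iam", "update-account-password-policy",
            "--minimum-password-length", str(length)]
    for key, flag in BOOL_FLAGS.items():
        if key in current:
            argv.append(f"--{flag}" if current[key] else f"--no-{flag}")
    for key, flag in INT_FLAGS.items():
        # Absent or 0 means the setting is off, which is also the default.
        if current.get(key):
            argv += [f"--{flag}", str(current[key])]
    # ExpirePasswords is read-only output and has no update parameter.
    return argv


# Constructed sample of `aws iam get-account-password-policy` output.
SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": False,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 24, "HardExpiry": False}})

if __name__ == "__main__":
    print(shlex.join(build_update_command(SAMPLE)))
```

Review the printed command before running it; an account with no password policy yet has nothing to preserve, so only the minimum length is emitted for an empty input.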
Terraform
Ensure that the aws_iam_account_password_policy has a minimum_password_length field set to “14”.
Example Configuration
resource "aws_iam_account_password_policy" "example" {
  minimum_password_length = 14
  # other password policy settings here
}