IAM password policies should have a minimum length of 7 and include both alphabetic and numeric characters¶
IAM password policies are used to enforce password complexity requirements and increase account resiliency against brute force login attempts. Password policies should require passwords to be at least 7 characters long and include both alphabetic and numeric characters.
Console Remediation Steps¶
Navigate to Identity and Access Management.
In the left navigation, select Account Settings.
In the Minimum password length field, enter 7.
Check Require at least one number.
Click Apply password policy.
CLI Remediation Steps¶
Set password policy to have a minimum length of 7 and include both alphabetic and numeric characters.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --require-numbers --minimum-password-length 7