IAM password policies should have a minimum length of 7 and include both alphabetic and numeric characters¶
Description¶
IAM password policies are used to enforce password complexity requirements and increase account resiliency against brute force login attempts. Password policies should require passwords to be at least 7 characters long and include both alphabetic and numeric characters.
Remediation Steps¶
AWS Console¶
Navigate to Identity and Access Management.
In the left navigation, select Account Settings.
In the Minimum password length field, enter 7.
Check Require at least one number.
Click Apply password policy.
AWS CLI¶
Set password policy to have a minimum length of 7 and include both alphabetic and numeric characters.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --require-numbers --minimum-password-length 7
Terraform¶
Ensure that the aws_iam_account_password_policy has a
minimum_password_length
field set to “7”, arequire_numbers
field set to “true”, and arequire_lowercase_characters
field set to “true”.
Example Configuration¶
resource "aws_iam_account_password_policy" "example" {
minimum_password_length = 7
require_numbers = true
require_lowercase_characters = true
# other required fields here
}