IAM password policies should prevent reuse of the four previously used passwords

Description

IAM password policies should prevent users from reusing any of their previous 4 passwords. Preventing password reuse increases account resiliency against brute force login attempts.

Remediation Steps

AWS Console

  • Navigate to Identity and Access Management.

  • In the left navigation, select Account Settings.

  • Check Prevent password reuse.

  • In Number of passwords to remember, enter 4.

  • Click Apply password policy.

AWS CLI

  • Set number of passwords to remember to 4.

  • This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.

    • aws iam update-account-password-policy <other password options> --password-reuse-prevention 4
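
As an added example (not part of the original page), the following Python evaluates this control from the output of `aws iam get-account-password-policy` and, because the update call replaces the whole policy, rebuilds the complete `update-account-password-policy` command so that the existing settings are carried over rather than reverting to defaults. The policy JSON is a constructed sample; in real use the CLI output would be fed to `load_policy` instead.

```python
import json

# Constructed sample of `aws iam get-account-password-policy` output (not real account data).
SAMPLE_POLICY_JSON = """{"PasswordPolicy": {
  "MinimumPasswordLength": 14, "RequireSymbols": true, "RequireNumbers": true,
  "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": false,
  "AllowUsersToChangePassword": true, "ExpirePasswords": true, "MaxPasswordAge": 90,
  "PasswordReusePrevention": 2}}"""

REQUIRED_REUSE = 4  # the control: remember at least the last 4 passwords
# Boolean policy fields mapped to their (enable, disable) CLI flag pair.
BOOL_FLAGS = {
    "RequireSymbols": ("--require-symbols", "--no-require-symbols"),
    "RequireNumbers": ("--require-numbers", "--no-require-numbers"),
    "RequireUppercaseCharacters": ("--require-uppercase-characters", "--no-require-uppercase-characters"),
    "RequireLowercaseCharacters": ("--require-lowercase-characters", "--no-require-lowercase-characters"),
    "AllowUsersToChangePassword": ("--allow-users-to-change-password", "--no-allow-users-to-change-password"),
    "HardExpiry": ("--hard-expiry", "--no-hard-expiry"),
}
# Integer policy fields mapped to their CLI flag. ExpirePasswords is read-only
# (derived from MaxPasswordAge) and has no flag, so it is deliberately skipped.
INT_FLAGS = {"MinimumPasswordLength": "--minimum-password-length",
             "MaxPasswordAge": "--max-password-age"}

def load_policy(text):
    """Return the PasswordPolicy object from the CLI's JSON output."""
    return json.loads(text)["PasswordPolicy"]

def is_compliant(policy):
    """A missing PasswordReusePrevention key means reuse prevention is not set at all."""
    return policy.get("PasswordReusePrevention", 0) >= REQUIRED_REUSE

def build_update_args(policy, reuse=REQUIRED_REUSE):
    """Full argument list for update-account-password-policy. The call replaces the whole
    policy (no partial updates), so every existing setting is restated to avoid reverting it."""
    args = ["aws", "iam", "update-account-password-policy"]
    for key, flag in INT_FLAGS.items():
        if key in policy:
            args += [flag, str(policy[key])]
    for key, (on, off) in BOOL_FLAGS.items():
        if key in policy:
            args.append(on if policy[key] else off)
    # Never weaken an account that already remembers more than the required number.
    args += ["--password-reuse-prevention", str(max(reuse, policy.get("PasswordReusePrevention", 0)))]
    return args

if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY_JSON)
    print("compliant:", is_compliant(policy))
    print(" ".join(build_update_args(policy)))
```

If the account has no password policy at all, `get-account-password-policy` fails with a NoSuchEntity error; treat that as non-compliant and run the update with the full set of desired flags.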

Terraform

Example Configuration

resource "aws_iam_account_password_policy" "example" {
  password_reuse_prevention = 4
  # other required fields here
}