aws-iam-password-policy

Ensure that IAM password policy has sufficient complexity based on industry best practices

At the moment, the rules will enforce the following requirements:

  • Ensure IAM password policy requires minimum length of 14 or greater
  • Ensure IAM password policy requires at least one lowercase letter
  • Ensure IAM password policy requires at least one number
  • Ensure IAM password policy prevents password reuse
  • Ensure IAM password policy requires at least one symbol
  • Ensure IAM password policy requires at least one uppercase letter

Examples

Insecure Example

resource "aws_iam_account_password_policy" "password-policy" {
  minimum_password_length        = 10 # Default value is 8
  require_lowercase_characters   = false
  require_numbers                = false
  require_uppercase_characters   = false
  require_symbols                = false
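  # password_reuse_prevention is left unset, so previous passwords can be reused
  # (the attribute takes a number of remembered passwords, 1-24, not a boolean)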
  allow_users_to_change_password = false
}

Secure Example

resource "aws_iam_account_password_policy" "password-policy" {
  minimum_password_length        = 14
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  password_reuse_prevention      = 24 # Number of previous passwords that cannot be reused (1-24)
  allow_users_to_change_password = true
}
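
The following is an added example, not this project's own rule code: it applies the six requirements listed above to the JSON that `terraform show -json <planfile>` produces, including policies declared in child modules. The resource and module names in the sample plan are constructed, and treating any `password_reuse_prevention` value of 1 or more as passing is an assumption.

```python
# Added example: evaluates `terraform show -json <planfile>` output against this page's rules.
REQUIRE_TRUE = lambda v: v is True

def at_least(n):
    # type() check rejects booleans, which Python would otherwise accept as ints
    return lambda v: type(v) is int and v >= n

RULES = [
    ("minimum_password_length", at_least(14), "minimum length of 14 or greater"),
    ("require_lowercase_characters", REQUIRE_TRUE, "at least one lowercase letter"),
    ("require_numbers", REQUIRE_TRUE, "at least one number"),
    ("password_reuse_prevention", at_least(1), "prevents password reuse"),  # assumption: >= 1 passes
    ("require_symbols", REQUIRE_TRUE, "at least one symbol"),
    ("require_uppercase_characters", REQUIRE_TRUE, "at least one uppercase letter"),
]

def resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from resources(child)

def check_plan(plan):
    """Map each password policy's address to the requirements it fails."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in resources(root):
        if res.get("type") == "aws_iam_account_password_policy":
            values = res.get("values", {})
            # Missing or null attributes (unset, or unknown until apply) count as failures.
            findings[res["address"]] = [msg for attr, ok, msg in RULES if not ok(values.get(attr))]
    return findings

# Constructed sample plan (resource and module names are made up).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{
        "address": "aws_iam_account_password_policy.weak",
        "type": "aws_iam_account_password_policy",
        "values": {"minimum_password_length": 10, "require_lowercase_characters": False,
                   "require_numbers": False, "require_uppercase_characters": False,
                   "require_symbols": False, "password_reuse_prevention": None}}],
    "child_modules": [{"resources": [{
        "address": "module.baseline.aws_iam_account_password_policy.strict",
        "type": "aws_iam_account_password_policy",
        "values": {"minimum_password_length": 14, "require_lowercase_characters": True,
                   "require_numbers": True, "require_uppercase_characters": True,
                   "require_symbols": True, "password_reuse_prevention": 24}}]}],
}}}

if __name__ == "__main__":
    for address, failed in check_plan(SAMPLE_PLAN).items():
        print(address, "PASS" if not failed else "FAIL: " + "; ".join(failed))
```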

More information