aws-iam-password-policy
Ensure that the IAM password policy has sufficient complexity, based on industry best practices.
At the moment, the rules will enforce the following requirements:
- Ensure IAM password policy requires minimum length of 14 or greater
- Ensure IAM password policy requires at least one lowercase letter
- Ensure IAM password policy requires at least one number
- Ensure IAM password policy prevents password reuse
- Ensure IAM password policy requires at least one symbol
- Ensure IAM password policy requires at least one uppercase letter
Examples
Insecure Example
resource "aws_iam_account_password_policy" "password-policy" {
  minimum_password_length        = 10 # Default value is 8
  require_lowercase_characters   = false
  require_numbers                = false
  require_uppercase_characters   = false
  require_symbols                = false
  # password_reuse_prevention is left unset, so previous passwords can be reused
  # (the attribute is a number, not a boolean)
  allow_users_to_change_password = false
}
Secure Example
resource "aws_iam_account_password_policy" "password-policy" {
  minimum_password_length        = 14
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  # Number of previous passwords that cannot be reused (AWS accepts 1 to 24)
  password_reuse_prevention      = 24
  allow_users_to_change_password = true
}
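The six requirements above can also be checked against a rendered plan. The following is an added example, not code from this project: it walks the JSON produced by `terraform show -json` and reports which requirements each `aws_iam_account_password_policy` resource fails. The function names, the failure messages and the sample plan are constructed for illustration, and "prevents password reuse" is assumed to mean `password_reuse_prevention` is set to 1 or more.

```python
import json

def _is_count(value, minimum):
    # bool is a subclass of int in Python, so reject True/False explicitly.
    return isinstance(value, int) and not isinstance(value, bool) and value >= minimum

# The six requirements listed on this page. A missing (null) attribute fails.
CHECKS = [
    ("minimum_password_length", lambda v: _is_count(v, 14), "minimum length below 14"),
    ("require_lowercase_characters", lambda v: v is True, "lowercase letter not required"),
    ("require_numbers", lambda v: v is True, "number not required"),
    ("password_reuse_prevention", lambda v: _is_count(v, 1), "password reuse not prevented"),
    ("require_symbols", lambda v: v is True, "symbol not required"),
    ("require_uppercase_characters", lambda v: v is True, "uppercase letter not required"),
]

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_plan(plan):
    """Return {resource address: [failed requirements]} for each password policy."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_iam_account_password_policy":
            continue
        values = res.get("values") or {}
        findings[res["address"]] = [
            msg for attr, ok, msg in CHECKS if not ok(values.get(attr))
        ]
    return findings

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""{"planned_values": {"root_module": {
  "resources": [{"address": "aws_iam_account_password_policy.weak",
    "type": "aws_iam_account_password_policy",
    "values": {"minimum_password_length": 10, "require_lowercase_characters": false,
      "require_numbers": true, "require_uppercase_characters": true,
      "require_symbols": false, "password_reuse_prevention": null}}],
  "child_modules": [{"address": "module.baseline", "resources": [
    {"address": "module.baseline.aws_iam_account_password_policy.strict",
     "type": "aws_iam_account_password_policy",
     "values": {"minimum_password_length": 14, "require_lowercase_characters": true,
       "require_numbers": true, "require_uppercase_characters": true,
       "require_symbols": true, "password_reuse_prevention": 24}}]}]}}}""")

if __name__ == "__main__":
    for address, failures in audit_plan(SAMPLE_PLAN).items():
        print(address, "PASS" if not failures else "FAIL: " + "; ".join(failures))
```

An empty result means the plan contains no password policy resource at all, which leaves the account on its default policy and should be treated as a finding in its own right.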