Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy

MEDIUM

Description

If no minimum length is set in the password policy, the account is left vulnerable to brute-force attempts.

Remediation

The password policy for an AWS account can be created and managed in the AWS IAM Console.

In AWS Console -

  1. Sign in to the AWS Console and go to the IAM console.
  2. Choose Account settings in the navigation pane.
  3. Select 'Change password policy' in the Password policy section.
  4. Select the password policy configuration.
  5. Select Save changes.

In Terraform -

  1. Create a new aws_iam_account_password_policy resource.
  2. Set the max_password_age field to an appropriate value.
  3. Set the minimum_password_length field to an appropriate value.
  4. Set the require_numbers field to true.
  5. Set the require_uppercase_characters field to true.
  6. Set the require_lowercase_characters field to true.
  7. Set the require_symbols field to true.
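
The Terraform steps above as one configuration. This is an added example, not code from the referenced documentation. The variable name, the resource name "strict", and the values 14 and 90 are assumptions; the validation block rejects any length below the 7 that this rule requires.

```hcl
# Added example. Names and numeric values are assumptions, not from the page.
variable "minimum_password_length" {
  description = "Minimum IAM user password length (rule AC_AWS_0141 requires at least 7)."
  type        = number
  default     = 14 # assumed value; choose one that matches your own standard

  # Fail early if someone overrides the length with a value the rule would flag.
  validation {
    condition     = var.minimum_password_length >= 7
    error_message = "The minimum password length must be at least 7 characters."
  }
}

# Only one account password policy exists per AWS account.
resource "aws_iam_account_password_policy" "strict" {
  minimum_password_length      = var.minimum_password_length
  max_password_age             = 90 # days; assumed value
  require_numbers              = true
  require_uppercase_characters = true
  require_lowercase_characters = true
  require_symbols              = true
}
```

Running `terraform plan -var 'minimum_password_length=6'` against this configuration stops with the validation error before any change is proposed.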

References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy

Policy Details

Rule Reference ID: AC_AWS_0141
CSP: AWS
Remediation Available: Yes
Resource Type: Policy

Frameworks