Description
Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are at least a given length. It is recommended that the password policy require a minimum password length of 14.
Rationale
Setting a password complexity policy increases account resiliency against brute force login attempts.
Audit
Perform the following to ensure the password policy is configured as prescribed:
From Console
- Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings).
- Go to IAM Service on the AWS Console.
- Click on Account Settings on the Left Pane.
- Ensure "Minimum password length" is set to 14 or greater.
From Command Line
- Run the following command:
aws iam get-account-password-policy
Ensure the output of the above command includes "MinimumPasswordLength": 14 (or higher).
References
- CCE-78907-3
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy
Additional Information
Ensure the password policy also includes requirements for password complexity, such as the inclusion of uppercase letters, lowercase letters, numbers, and special characters:
aws iam update-account-password-policy --require-uppercase-characters --require-lowercase-characters --require-numbers --require-symbols
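The following Python script is an added example, not part of the benchmark, that evaluates the JSON printed by `aws iam get-account-password-policy` against both the minimum-length check in the Audit section and the complexity requirements listed above. The sample CLI outputs are constructed for illustration; the function and variable names are the example's own. It also handles the case the audit step does not mention: when the account has no custom password policy, the CLI exits non-zero with a NoSuchEntity error and prints nothing on stdout, which the script treats as a finding rather than a pass.

```python
import json
import subprocess

# Threshold from this control and the complexity flags from "Additional Information".
REQUIRED_MIN_LENGTH = 14
COMPLEXITY_FLAGS = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
    "RequireSymbols",
)

# Constructed sample outputs in the shape `aws iam get-account-password-policy` prints.
COMPLIANT_OUTPUT = json.dumps({
    "PasswordPolicy": {
        "MinimumPasswordLength": 14,
        "RequireSymbols": True,
        "RequireNumbers": True,
        "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True,
        "AllowUsersToChangePassword": True,
        "ExpirePasswords": False,
    }
})
WEAK_OUTPUT = json.dumps({
    "PasswordPolicy": {
        "MinimumPasswordLength": 8,
        "RequireSymbols": False,
        "RequireNumbers": True,
        "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True,
    }
})


def parse_policy(cli_output):
    """Return the PasswordPolicy dict from CLI stdout, or None when stdout is
    empty (the CLI prints nothing when no custom policy exists)."""
    if not cli_output.strip():
        return None
    return json.loads(cli_output).get("PasswordPolicy")


def audit_policy(policy):
    """Return a list of findings; an empty list means the policy is compliant."""
    findings = []
    if policy is None:
        findings.append("no account password policy is set; the AWS default applies")
        return findings
    length = policy.get("MinimumPasswordLength", 0)
    if length < REQUIRED_MIN_LENGTH:
        findings.append(
            f"MinimumPasswordLength is {length}, expected {REQUIRED_MIN_LENGTH} or higher"
        )
    # Missing keys are treated as False: an absent requirement is not enforced.
    for flag in COMPLEXITY_FLAGS:
        if not policy.get(flag, False):
            findings.append(f"{flag} is not enabled")
    return findings


def is_compliant(cli_output):
    """Convenience wrapper: True only when the parsed policy yields no findings."""
    return audit_policy(parse_policy(cli_output)) == []


def fetch_policy_output():
    """Run the real CLI (hypothetical helper; requires configured AWS credentials).
    A non-zero exit (e.g. NoSuchEntity) is mapped to empty stdout so that
    audit_policy reports the missing policy instead of crashing."""
    result = subprocess.run(
        ["aws", "iam", "get-account-password-policy"],
        capture_output=True, text=True,
    )
    return result.stdout if result.returncode == 0 else ""


if __name__ == "__main__":
    for label, sample in (("compliant sample", COMPLIANT_OUTPUT),
                          ("weak sample", WEAK_OUTPUT),
                          ("no policy", "")):
        print(label, "->", audit_policy(parse_policy(sample)) or "OK")
```

Run it as-is to see the three constructed cases evaluated; replace the sample strings with `fetch_policy_output()` to audit a live account. Treating an absent flag as False matters because a policy created before a requirement was introduced may omit the key entirely.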