Ensure IAM password policy is set to a strong password
Rating | ⚠ - Medium |
---|---|
Description
The IAM password policy specifies the password complexity requirements for AWS IAM users.
Vulnerability
Weak password policies let users select weak, easy-to-guess passwords.
Remediation
Follow the AWS Best Practices to set an IAM Password Policy.
- 1.5 Ensure IAM password policy requires at least one uppercase letter
- 1.6 Ensure IAM password policy requires at least one lowercase letter
- 1.7 Ensure IAM password policy requires at least one symbol
- 1.8 Ensure IAM password policy requires at least one number
- 1.11 Ensure IAM password policy expires passwords within 90 days or less
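
The five controls above can be checked against the `PasswordPolicy` object that `aws iam get-account-password-policy` returns. The following is an added example, not part of the original page: the function name and the sample policies are constructed for illustration, and a missing policy or a missing `MaxPasswordAge` is treated as a failure.

```python
# Added example: offline check of an IAM password policy against CIS 1.5-1.8 and 1.11.
# Field names follow the PasswordPolicy object returned by
# `aws iam get-account-password-policy` (boto3: get_account_password_policy()).

MAX_AGE_DAYS = 90  # threshold from control 1.11

# (CIS control, PasswordPolicy field) pairs for the boolean requirements
BOOLEAN_CONTROLS = [
    ("1.5", "RequireUppercaseCharacters"),
    ("1.6", "RequireLowercaseCharacters"),
    ("1.7", "RequireSymbols"),
    ("1.8", "RequireNumbers"),
]


def evaluate_password_policy(policy):
    """Return {control_id: reason} for each failed control; {} means compliant.

    `policy` is the PasswordPolicy dict, or None when the account has no
    custom policy (the API raises NoSuchEntity in that case).
    """
    if policy is None:
        ids = [c for c, _ in BOOLEAN_CONTROLS] + ["1.11"]
        return {c: "no account password policy is set" for c in ids}

    failures = {}
    for control, field in BOOLEAN_CONTROLS:
        # A missing key is treated like False: the requirement is not enforced.
        if policy.get(field) is not True:
            failures[control] = f"{field} is not enabled"

    # An absent or zero MaxPasswordAge means passwords never expire.
    max_age = policy.get("MaxPasswordAge") or 0
    if max_age == 0:
        failures["1.11"] = "passwords never expire"
    elif max_age > MAX_AGE_DAYS:
        failures["1.11"] = f"MaxPasswordAge is {max_age} days, above {MAX_AGE_DAYS}"
    return failures


# Constructed sample policies (not taken from a real account)
WEAK = {"MinimumPasswordLength": 8, "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True, "RequireSymbols": False,
        "RequireNumbers": True, "ExpirePasswords": False}
STRONG = {"MinimumPasswordLength": 14, "RequireUppercaseCharacters": True,
          "RequireLowercaseCharacters": True, "RequireSymbols": True,
          "RequireNumbers": True, "MaxPasswordAge": 90, "ExpirePasswords": True}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("strong", STRONG), ("unset", None)):
        print(name, evaluate_password_policy(pol) or "compliant")
```
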
References
- AWS CIS v.1.2.0 - 1.5
- AWS CIS v.1.2.0 - 1.6
- AWS CIS v.1.2.0 - 1.7
- AWS CIS v.1.2.0 - 1.8
- AWS CIS v.1.2.0 - 1.11