AWS IAM password policy does not have a number
Description
Password policies enforce compliance with defined password complexity standards. The IAM password policy should be configured to mandate the inclusion of multiple character types. Specifically, the policy should require passwords to contain at least one number, which enhances security and provides additional protection against brute-force attacks.
Fix - Runtime
AWS Console
To change the password policy in the AWS Console, you will need appropriate permissions to View Identity Access Management Account Settings.
To manually set the password policy to require at least one number, follow these steps:
- Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
- Navigate to IAM Services.
- In the left pane, click Account Settings.
- Select Require at least one number.
- Click Apply password policy.
CLI Command
To change the password policy, use the following command:
aws iam update-account-password-policy --require-numbers
📘 Note
All commands starting with aws iam update-account-password-policy can be combined into a single command.
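The reason to combine them: update-account-password-policy does not support partial updates, so any setting left off the command reverts to its default value. The following is an added example, not part of the original documentation; it builds the single combined command from the JSON printed by `aws iam get-account-password-policy`, turning on the number requirement while restating every other setting. The function names and the sample policy are constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws iam get-account-password-policy` output (not a real account).
SAMPLE_POLICY = """
{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
 "RequireNumbers": false, "RequireUppercaseCharacters": true,
 "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
 "ExpirePasswords": true, "MaxPasswordAge": 90, "PasswordReusePrevention": 24}}
"""

# Settings that take a value, mapped to their CLI flag names.
VALUE_FLAGS = {
    "MinimumPasswordLength": "minimum-password-length",
    "MaxPasswordAge": "max-password-age",
    "PasswordReusePrevention": "password-reuse-prevention",
}
# On/off settings; the CLI accepts --<flag> and --no-<flag>.
# ExpirePasswords is output-only (it follows MaxPasswordAge), so it is not listed.
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}

def requires_number(policy_json):
    """True if the retrieved policy already requires at least one number."""
    return bool(json.loads(policy_json)["PasswordPolicy"].get("RequireNumbers"))

def build_update_command(policy_json):
    """Return argv that enables RequireNumbers and restates all other settings."""
    policy = dict(json.loads(policy_json)["PasswordPolicy"])
    policy["RequireNumbers"] = True
    argv = ["aws", "iam", "update-account-password-policy"]
    for field, flag in VALUE_FLAGS.items():
        if field in policy:  # unset optional values are simply absent
            argv += [f"--{flag}", str(policy[field])]
    for field, flag in BOOL_FLAGS.items():
        if field in policy:
            argv.append(f"--{flag}" if policy[field] else f"--no-{flag}")
    return argv

if __name__ == "__main__":
    print("requires a number today:", requires_number(SAMPLE_POLICY))
    print(shlex.join(build_update_command(SAMPLE_POLICY)))
```

Review the printed command before running it, then confirm the result with `aws iam get-account-password-policy`.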
Fix - Buildtime
Terraform
resource "aws_iam_account_password_policy" "strict" {
  minimum_password_length        = 8
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  allow_users_to_change_password = true
}