IAM Password policy has no minimum length

ID: aws_iam_password_length
Severity: low
Vendor: AWS
Resource: IAM
Tags: reachable

Description

The IAM password policy has no minimum length. If the password is simple, the chance of the password being compromised is higher.

The password length should be equal to or greater than 8. You can modify this number with the minimum_length property.

To fix it, you must configure min_pw_length >= 8.

Learn more about this topic at AWS IAM password policy.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Password policy for AWS account
      community.aws.iam_password_policy:
        state: present
        min_pw_length: 8
        require_symbols: false
        require_numbers: false
        require_uppercase: true
        require_lowercase: true
        allow_pw_change: true
        pw_reuse_prevent: 5
        pw_expire: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Password policy for AWS account
      community.aws.iam_password_policy:
        state: present
        min_pw_length: 8
        require_symbols: true
        require_numbers: true
        require_uppercase: true
        require_lowercase: true
        allow_pw_change: true
        pw_max_age: 60
        pw_reuse_prevent: 5
        pw_expire: false
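
To confirm a playbook meets this rule before it is applied, the check can be expressed as below. This is an added example, not the scanner's own code: `check_playbook`, `iter_tasks` and the sample plays are constructed here, and it assumes the playbook has already been parsed into Python data (for instance with `yaml.safe_load`) and that a task with no length option counts as a finding.

```python
# Added example: the rule's check run over a playbook already parsed into
# Python data. Names and sample plays are constructed for illustration.
MODULES = {"community.aws.iam_password_policy", "iam_password_policy"}
LENGTH_KEYS = ("min_pw_length", "minimum_password_length")  # option and its alias


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        yield task
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))


def check_playbook(plays, minimum_length=8):  # 8 is the threshold stated by the rule
    """Return (task name, reason) for each password-policy task that fails."""
    findings = []
    for play in plays:
        tasks = [t for key in ("pre_tasks", "tasks", "post_tasks", "handlers") for t in play.get(key) or []]
        for task in iter_tasks(tasks):
            args = next((task[m] for m in MODULES if m in task), None)
            if not isinstance(args, dict) or args.get("state", "present") == "absent":
                continue  # not a policy task, or the policy is being removed
            name = task.get("name", "<unnamed>")
            value = next((args[k] for k in LENGTH_KEYS if k in args), None)
            if value is None:
                findings.append((name, "min_pw_length not set"))
                continue
            try:
                length = int(value)
            except (TypeError, ValueError):  # e.g. a Jinja2 expression
                findings.append((name, f"min_pw_length {value!r} cannot be resolved statically"))
                continue
            if length < minimum_length:
                findings.append((name, f"min_pw_length {length} < {minimum_length}"))
    return findings


# Constructed sample plays (not from the page).
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "short", "community.aws.iam_password_policy": {"state": "present", "min_pw_length": 6}},
    {"name": "ok", "community.aws.iam_password_policy": {"state": "present", "min_pw_length": 8}},
    {"block": [{"name": "unset", "iam_password_policy": {"state": "present", "require_numbers": True}}]},
    {"name": "templated", "community.aws.iam_password_policy": {"minimum_password_length": "{{ pw_len }}"}},
    {"name": "removed", "community.aws.iam_password_policy": {"state": "absent"}},
]}]

if __name__ == "__main__":
    print(*check_playbook(SAMPLE), sep="\n")
```

A templated value is reported rather than passed, because the length that reaches AWS is only known once the variable is resolved at run time.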