IAM Password policy without number
| ID | aws_iam_password_number |
| Severity | low |
| Vendor | AWS |
| Resource | IAM |
| Tags | reachable |
Description
The IAM password policy does not require passwords to contain a number. The simpler a password is, the higher the chance of it being compromised.
To fix it, you must configure require_numbers=true.
Learn more about this topic at AWS IAM password policy.
Examples
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Password policy for AWS account
      community.aws.iam_password_policy:
        state: present
        min_pw_length: 8
        require_symbols: false
        require_numbers: false  # flagged by this rule: numbers are not required
        require_uppercase: true
        require_lowercase: true
        allow_pw_change: true
        pw_reuse_prevent: 5
        pw_expire: false
Mitigation / Fix
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Password policy for AWS account
      community.aws.iam_password_policy:
        state: present
        min_pw_length: 8
        require_symbols: true
        require_numbers: true  # satisfies this rule
        require_uppercase: true
        require_lowercase: true
        allow_pw_change: true
        pw_max_age: 60
        pw_reuse_prevent: 5
        pw_expire: false
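
One way to apply the same check to your own playbooks before they run, as an added example that is not the scanner's own code. It takes a playbook already parsed into Python objects (for instance with yaml.safe_load); the function names, the extra module aliases besides community.aws.iam_password_policy, and the choice to flag an omitted require_numbers are assumptions of this sketch.

```python
# Added example (not from the scanner): static check for aws_iam_password_number.
MODULES = {"community.aws.iam_password_policy",   # module names a task may use
           "amazon.aws.iam_password_policy", "iam_password_policy"}
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers",
              "block", "rescue", "always")
TRUTHY = {"true", "yes", "on", "1"}


def as_bool(value):
    """Read a value the way a playbook author writes booleans (yes/true/on)."""
    if isinstance(value, str):
        return value.strip().lower() in TRUTHY
    return bool(value)


def iter_tasks(node):
    """Yield every task in a play, descending into block/rescue/always."""
    for key in TASK_LISTS:
        for task in node.get(key) or []:
            if isinstance(task, dict):
                yield task
                yield from iter_tasks(task)


def find_violations(playbook):
    """Return the names of password-policy tasks that do not require a number."""
    findings = []
    for play in playbook or []:
        if not isinstance(play, dict):
            continue
        for task in iter_tasks(play):
            for module in MODULES.intersection(task):
                args = task[module]
                if not isinstance(args, dict) or args.get("state") == "absent":
                    continue
                # Assumption: an omitted require_numbers counts as a finding.
                if not as_bool(args.get("require_numbers", False)):
                    findings.append(task.get("name", module))
    return findings


def sample(require_numbers):
    """Constructed playbook mirroring the examples on this page, pre-parsed."""
    return [{"name": "Example playbook", "hosts": "localhost", "tasks": [
        {"name": "Password policy for AWS account",
         "community.aws.iam_password_policy": {
             "state": "present", "min_pw_length": 8,
             "require_numbers": require_numbers}}]}]
```

Calling find_violations(sample(False)) reports the task from the Examples playbook, while sample(True), matching the Mitigation / Fix playbook, produces no findings.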