lacework-global-37
1.8 Ensure IAM password policy requires minimum length of 14 or greater (Automated)
Profile Applicability
• Level 1
Description
Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are at least a given length. It is recommended that the password policy require a minimum password length of 14.
Rationale
Setting a password complexity policy increases account resiliency against brute force login attempts.
Audit
Perform the following to ensure the password policy is configured as prescribed:
From Console
- Log in to the AWS Console (with appropriate permissions to View Identity Access Management Account Settings)
- Go to IAM Service on the AWS Console
- Click on Account Settings on the Left Pane
- Ensure "Minimum password length" is set to 14 or greater.
From Command Line
aws iam get-account-password-policy
Ensure the output of the above command includes "MinimumPasswordLength": 14 (or higher)
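The command-line audit above can be scripted. The following is an added example, not part of the benchmark text: it assumes the AWS CLI's --query and --output text options to extract the value, the function names classify_policy and audit_account are hypothetical, and the sample outputs at the end are constructed. It also handles the case where no account password policy exists, in which the CLI returns a NoSuchEntity error instead of JSON.

```shell
#!/bin/sh
# Added example: scripted audit for this control (minimum length >= 14).
REQUIRED_MIN=14

# classify_policy RC OUTPUT
#   RC      exit status of the aws CLI call
#   OUTPUT  its combined stdout/stderr
# Prints a verdict; returns 0 = compliant, 1 = non-compliant,
# 2 = could not evaluate.
classify_policy() {
    rc=$1
    out=$2
    if [ "$rc" -ne 0 ]; then
        case $out in
            *NoSuchEntity*)
                # No account password policy has been created, so the
                # 14-character minimum is not configured.
                echo "FAIL: no account password policy is set"
                return 1 ;;
            *)
                echo "ERROR: could not read password policy (exit $rc)"
                return 2 ;;
        esac
    fi
    case $out in
        ''|*[!0-9]*)
            echo "ERROR: unexpected MinimumPasswordLength value: $out"
            return 2 ;;
    esac
    if [ "$out" -ge "$REQUIRED_MIN" ]; then
        echo "PASS: MinimumPasswordLength is $out"
        return 0
    fi
    echo "FAIL: MinimumPasswordLength is $out, required >= $REQUIRED_MIN"
    return 1
}

# Live audit: needs the aws CLI and iam:GetAccountPasswordPolicy permission.
audit_account() {
    status=0
    out=$(aws iam get-account-password-policy \
        --query 'PasswordPolicy.MinimumPasswordLength' --output text 2>&1) || status=$?
    classify_policy "$status" "$out"
}

# Constructed sample outputs (not from a real account), so this runs offline.
classify_policy 0 "14" || true
classify_policy 0 "8" || true
classify_policy 254 "An error occurred (NoSuchEntity) when calling the GetAccountPasswordPolicy operation" || true
```

Call audit_account against a real account; its exit status can gate a CI job or a scheduled compliance check.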
Remediation
Perform the following to set the password policy as prescribed:
From Console
- Log in to the AWS Console (with appropriate permissions to View Identity Access Management Account Settings)
- Go to IAM Service on the AWS Console
- Click on Account Settings on the Left Pane
- Set "Minimum password length" to 14 or greater.
- Click "Apply password policy"
From Command Line
aws iam update-account-password-policy --minimum-password-length 14
Note: All commands starting with "aws iam update-account-password-policy" can be combined into a single command.
References
CCE-78907-3
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy