AWS_IAM_10

Ensure IAM password policy prevents password reuse

Description

IAM password policies can prevent the reuse of a given password by the same user. It is recommended that the password policy prevent the reuse of passwords.

Remediation

Perform the following to set the password policy as prescribed :

Via AWS Console

  1. Login to AWS Console (with appropriate permissions to View Identity Access
    Management Account Settings)
  2. Go to IAM Service on the AWS Console
  3. Click on Account Settings on the Left Pane
  4. Check Prevent password reuse”
  5. Set “Number of passwords to remember” is set to 24

Via CLI

aws iam update-account-password-policy –password-reuse-prevention 24

Note: All commands starting with “aws iam update-account-password-policy” can be
combined into a single command.

References:
1. CCE-78908-1

Service

IAM

Severity

Medium

Compliance

Mapping

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!