AWS_IAM_24

Ensure Password Policy is enforced for all the users

Description

A password policy can be set on your AWS account to specify complexity requirements and mandatory rotation periods for your IAM users’ passwords. You can use a password policy to do these things:

  • Set a minimum password length.
  • Require specific character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters. Be sure to remind your users that passwords are case sensitive.
  • Allow all IAM users to change their own passwords.
  • Require IAM users to change their password after a specified period of time (enable password expiration).
  • Prevent IAM users from reusing previous passwords.
  • Force IAM users to contact an account administrator when the user has allowed his or her password to expire.

Remediation

As part of managing the password policy, you can let all users manage their own passwords.

To create or change a password policy (console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
  2. In the navigation pane, click Account Settings
  3. In the Password Policy section, select the options you want to apply to your password policy
  4. Click Apply Password Policy.

Setting a Password Policy (AWS CLI)

To manage an account password policy from the AWS CLI, run the following commands:

  • To create or change a password policy: aws iam update-account-password-policy
  • To retrieve the password policy: aws iam get-account-password-policy
  • To delete a password policy: aws iam delete-account-password-policy
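
An added example (not part of the original rule text): a Python check that audits the JSON printed by aws iam get-account-password-policy against the options listed in the description. The thresholds in BASELINE and both sample documents are assumptions constructed for illustration; the page does not state required values.

```python
import json

# Assumed example thresholds; the rule text above does not state any.
BASELINE = {"MinimumPasswordLength": 14, "MaxPasswordAge": 90,
            "PasswordReusePrevention": 24}
REQUIRED_FLAGS = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                  "RequireNumbers", "RequireSymbols",
                  "AllowUsersToChangePassword")

def audit_password_policy(cli_json, baseline=BASELINE):
    """Return findings for the JSON printed by get-account-password-policy.

    Pass None when the call failed with NoSuchEntity (no policy is set).
    """
    if not cli_json:
        return ["no account password policy is set"]
    policy = json.loads(cli_json).get("PasswordPolicy", {})
    findings = [f"{flag} is not enabled" for flag in REQUIRED_FLAGS
                if not policy.get(flag, False)]
    length = policy.get("MinimumPasswordLength", 0)
    if length < baseline["MinimumPasswordLength"]:
        findings.append(f"MinimumPasswordLength {length} is below "
                        f"{baseline['MinimumPasswordLength']}")
    # MaxPasswordAge can be absent when passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    if not policy.get("ExpirePasswords", False) or age == 0:
        findings.append("password expiration is disabled")
    elif age > baseline["MaxPasswordAge"]:
        findings.append(f"MaxPasswordAge {age} exceeds "
                        f"{baseline['MaxPasswordAge']} days")
    # PasswordReusePrevention can be absent when reuse is unrestricted.
    reuse = policy.get("PasswordReusePrevention", 0)
    if reuse < baseline["PasswordReusePrevention"]:
        findings.append(f"PasswordReusePrevention {reuse} is below "
                        f"{baseline['PasswordReusePrevention']}")
    return findings

# Constructed sample outputs (not captured from a real account).
WEAK_SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": False, "RequireLowercaseCharacters": False,
    "AllowUsersToChangePassword": False, "ExpirePasswords": False}})
STRONG_SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 24, "HardExpiry": False}})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_SAMPLE), ("strong", STRONG_SAMPLE)):
        print(name, audit_password_policy(doc) or "compliant")
```

An empty findings list means the policy meets the assumed baseline; adjust BASELINE to the values your own standard requires.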

Setting a Password Policy (AWS API)

To manage an account password policy from the AWS API, call the following operations:

  • To create or change a password policy: UpdateAccountPasswordPolicy
  • To retrieve the password policy: GetAccountPasswordPolicy
  • To delete a password policy: DeleteAccountPasswordPolicy

References: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html

Service

IAM

Severity

Medium

Compliance

Mapping
