Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.
Perform the following to ensure the password policy is configured as prescribed:
Via AWS Console
aws iam update-account-password-policy –minimum-password-length 14
Note: All commands starting with “aws iam update-account-password-policy” can be
combined into a single command.
2. CIS CSC v6.0 #5.7, #16.12