IAM password policy minimum password length is too short Affecting IAM service in AWS

Snyk CCSS

IAM / Passwords

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-AWS CIS-Controls CSA-CCM NIST-800-53 PCI-DSS

Snyk ID SNYK-CC-00216
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

An enterprise's password policy should require a password length of at least 14 characters. Setting a password complexity policy increases account resiliency against brute force login attempts.

How to fix?

Set the aws_iam_account_password_policy minimum_password_length field to 14.

Example Configuration

resource "aws_iam_account_password_policy" "example" {
  minimum_password_length = 14
  # other required fields here
}

IAM password policy minimum password length is too short Affecting IAM service in AWS

Severity

Description

How to fix?

Example Configuration