IAM password policy does not require minimum password length of 7 or does not include alphanumeric characters Affecting IAM service in AWS

Snyk CCSS

IAM / Passwords

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00469
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

An enterprise's password policy should require a password length of at least 7 characters. Setting a password complexity policy increases account resiliency against brute force login attempts.

How to fix?

Set the aws_iam_account_password_policy minimum_password_length field to 7 and set all fields require_numbers, require_lowercase_characters, and require_uppercase_characters to true.

Example Configuration

resource "aws_iam_account_password_policy" "example" {
  minimum_password_length = 7
  require_numbers = true
    require_lowercase_characters = true
    require_uppercase_characters = true
  # other required fields here
}

IAM password policy does not require minimum password length of 7 or does not include alphanumeric characters Affecting IAM service in AWS

Severity

Description

How to fix?

Example Configuration