Medium

Ensure IAM password policy requires minimum length of 14 or greater

Security & Compliance
Description

AWS Identity and Access Management (IAM) lets you manage access to AWS services and resources. IAM users can be granted access through an access key or a console password. A password policy is a set of rules that defines the complexity requirements for IAM user passwords. The rule "Ensure IAM password policy requires minimum length of 14 or greater" means that the account's IAM password policy should require a minimum password length of 14 characters or more. This helps ensure that IAM user passwords are sufficiently long and therefore less susceptible to brute-force and guessing attacks. By enforcing a strong password policy, IAM users are required to choose passwords that are harder to guess or crack, which improves the overall security of AWS resources and data. A password policy can also require IAM users to change their passwords periodically, further improving the security of their accounts.

Remediation

The following are the remediation steps to ensure that the IAM password policy requires a minimum length of 14 or greater:

  1. Log in to the AWS Management Console as an IAM user with administrator privileges.
  2. Navigate to the IAM dashboard and select "Account settings."
  3. In the "Account settings" page, locate the "Password policy" section and click the "Edit" button.
  4. In the "Edit password policy" dialog box, set the "Minimum password length" option to 14 or greater.
  5. Optionally, you can also configure other password policy settings such as requiring the use of uppercase letters, lowercase letters, numbers, and special characters.
  6. Click the "Save changes" button to save the updated password policy.
  7. Test the new password policy by creating a new IAM user and setting a password that meets the minimum length requirement.
  8. Verify that the new password policy is in effect for all IAM users by checking the IAM console and ensuring that all user passwords meet the minimum length requirement.

By following these steps, you can ensure that the IAM password policy requires a minimum password length of 14 or greater, helping to improve the security of AWS resources and data. Additionally, you can configure other password policy settings to further enhance the security of IAM user passwords.
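The same check and remediation can be scripted against the IAM API instead of clicked through the console. The following is an added example, not Lightlytics' own code or a documented AWS sample. It assumes boto3 is installed and that the caller holds `iam:GetAccountPasswordPolicy` and `iam:UpdateAccountPasswordPolicy` permissions; the evaluation and parameter-building functions are pure and work offline on the `PasswordPolicy` dict shape that `get_account_password_policy()` returns, with constructed sample policies inline. It also handles the case where an account has no custom policy at all (the API raises `NoSuchEntityException` and the AWS default minimum of 8 applies), and it carries the other existing settings over when raising the minimum, because `UpdateAccountPasswordPolicy` resets any setting it is not given to its default.

```python
"""Check and remediate the IAM account password policy minimum length.

Added example (not Lightlytics' or AWS's own code). The pure functions work
offline on the dict shape returned by boto3's
iam.get_account_password_policy()["PasswordPolicy"]; the boto3 calls are
only made when run as a script with AWS credentials available.
"""
from __future__ import annotations

REQUIRED_MIN_LENGTH = 14
AWS_DEFAULT_MIN_LENGTH = 8  # applies when no account password policy is set

# Keys that UpdateAccountPasswordPolicy accepts. GetAccountPasswordPolicy
# also returns ExpirePasswords, which is read-only and must not be sent back.
UPDATABLE_KEYS = (
    "MinimumPasswordLength",
    "RequireSymbols",
    "RequireNumbers",
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "AllowUsersToChangePassword",
    "MaxPasswordAge",
    "PasswordReusePrevention",
    "HardExpiry",
)

# Constructed sample policies in the shape of the "PasswordPolicy" element.
WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 5,
    "HardExpiry": False,
}
STRONG_POLICY = {**WEAK_POLICY, "MinimumPasswordLength": 16}


def evaluate(policy: dict | None, required: int = REQUIRED_MIN_LENGTH) -> dict:
    """Return a finding for one account policy.

    policy=None models the NoSuchEntity case (no custom policy), in which the
    AWS default minimum applies and the check therefore fails.
    """
    if policy is None:
        min_len, source = AWS_DEFAULT_MIN_LENGTH, "aws-default"
    else:
        min_len = int(policy.get("MinimumPasswordLength", AWS_DEFAULT_MIN_LENGTH))
        source = "account-policy"
    return {
        "minimum_password_length": min_len,
        "required": required,
        "source": source,
        "compliant": min_len >= required,
    }


def build_update_params(policy: dict | None, required: int = REQUIRED_MIN_LENGTH) -> dict:
    """Build kwargs for update_account_password_policy().

    UpdateAccountPasswordPolicy is not a partial update: any setting left out
    reverts to its default. So carry every existing updatable setting over and
    only raise the minimum length, never lower it.
    """
    current = {k: v for k, v in (policy or {}).items() if k in UPDATABLE_KEYS}
    current["MinimumPasswordLength"] = max(
        int(current.get("MinimumPasswordLength", AWS_DEFAULT_MIN_LENGTH)), required
    )
    return current


def fetch_policy(iam) -> dict | None:
    """Read the live policy; None when the account has no custom policy."""
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None


def main() -> int:
    import boto3  # imported here so the pure functions run without it

    iam = boto3.client("iam")
    policy = fetch_policy(iam)
    finding = evaluate(policy)
    print(finding)
    if not finding["compliant"]:
        params = build_update_params(policy)
        print("remediating with", params)
        iam.update_account_password_policy(**params)
        finding = evaluate(fetch_policy(iam))
        print(finding)
    return 0 if finding["compliant"] else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Run with `python check_iam_password_policy.py` under a profile that has the two IAM permissions; the exit status is 0 when the account is compliant and 1 otherwise, so it drops into a compliance pipeline as-is. Note that a password policy is enforced when a password is set or changed, so existing passwords shorter than 14 characters remain valid until the user next changes them (or until expiry forces a change, if `MaxPasswordAge` is set).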

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.