MEDIUM
Source
Trivy/CSPM
CSPM ID
password-requires-symbols
Frameworks

CIS AWS 1.2

ID
AVD-AWS-0060

IAM Password policy should have requirement for at least one symbol in the password.

IAM account password policies should ensure that passwords content including a symbol.

Impact

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for IAM. Step

  3. Scroll down the left navigation panel and choose “Account Settings” under “Access management”. Step

  4. Under the “Password Policy” configuration panel scroll down and click on “Change password policy” button.Step

  5. Under the “Password Policy” configuration panel scroll down and check the “Require at least one non-alphanumeric character (! @ # $ % ^ & * ( ) _ + - = [ ] { } | ‘)”. If the checkbox is not selected, then the password policy does not enforce the use of symbols in password.Step

  6. Click on the checkbox next to “Require at least one non-alphanumeric character (! @ # $ % ^ & * ( ) _ + - = [ ] { } | ‘)” so “Password Policy” requires at least one symbol to make the password more strong and secure. Step

  7. Click on the “Save changes” button to make the necessary changes.Step

  8. Now “Password Policy” will enforce the use of symbols in password.

Enforce longer, more complex passwords in the policy

1
2
3
4
5
resource "aws_iam_account_password_policy" "good_example" {
  # ...
  require_symbols = true
  # ...
}