AWS > Iam > Require Uppercase In Passwords
MEDIUM
Source
Trivy/CSPM
CSPM ID
password-requires-uppercase
Frameworks

CIS AWS 1.2

ID
AVD-AWS-0061

IAM Password policy should have requirement for at least one uppercase character.

, IAM account password policies should ensure that passwords content including at least one uppercase character.

Impact

Short, simple passwords are easier to compromise

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for IAM. Step
  3. Scroll down the left navigation panel and choose “Account Settings”. Step
  4. Under the “Password Policy” configuration panel scroll down and check the “Require at least one uppercase letter”. If the checkbox is not selected than the password policy does not enforces the use of uppercase letters in password.Step
  5. Repeat steps number 3 and 4 to ensures password policy requires uppercase letters.
  6. Click on the checkbox next to “Require at least one uppercase letter” so “Password Policy” requires at least one uppercase letter to make the password more strong and secure. Step
  7. Click on the “Apply Password Policy” button to make the necessary changes.Step

Enforce longer, more complex passwords in the policy

1
2
3
4
5
resource "aws_iam_account_password_policy" "good_example" {
  # ...
  require_uppercase_characters = true
  # ...
}