IAM Password policy should have requirement for at least one symbol in the password.

Explanation

IAM account password policies should ensure that passwords content including a symbol.

Insecure Example

The following example will fail the AWS040 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	# require_symbols not set
	# ...
}

Secure Example

The following example will pass the AWS040 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	require_symbols = true
	# ...
}

Related Links

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy