IAM Password policy should have requirement for at least one number in the password.

Explanation

IAM account password policies should ensure that passwords content including at least one number.

Insecure Example

The following example will fail the AWS041 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	# require_numbers not set
	# ...
}

Secure Example

The following example will pass the AWS041 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	require_numbers = true
	# ...
}

Related Links

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy