AWS041 - IAM Password policy should have requirement for at least one number in the password.

Written by tfsec

Explanation

IAM account password policies should ensure that passwords content including at least one number.

Insecure Example

The following example will fail the AWS041 check.

resource "aws_iam_account_password_policy" "bad_example" {
	# ...
	# require_numbers not set
	# ...
}

Secure Example

The following example will pass the AWS041 check.

resource "aws_iam_account_password_policy" "good_example" {
	# ...
	require_numbers = true
	# ...
}

Related Links

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy

---