AWS042 - IAM Password policy should have requirement for at least one lowercase character.

Written by tfsec

Explanation

IAM account password policies should ensure that passwords content including at least one lowercase character.

Insecure Example

The following example will fail the AWS042 check.

resource "aws_iam_account_password_policy" "bad_example" {
	# ...
	# require_lowercase_characters not set
	# ...
}

Secure Example

The following example will pass the AWS042 check.

resource "aws_iam_account_password_policy" "good_example" {
	# ...
	require_lowercase_characters = true
	# ...
}

Related Links

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy

---