iam-password-policy - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

iam-password-policy

Checks if the account password policy for IAM users meets the specified requirements indicated in the parameters. This rule is NON_COMPLIANT if the account password policy does not meet the specified requirements.

Note

The rule is marked as NON-COMPLIANT when default IAM password policy is used.

Important

The true and false values for the rule parameters are case-sensitive. If true is not provided in lowercase, it will be treated as false.

Identifier: IAM_PASSWORD_POLICY

Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions

Parameters:

RequireUppercaseCharacters (Optional)
Type: boolean
Default: true

Require at least one uppercase character in password.

RequireLowercaseCharacters (Optional)
Type: boolean
Default: true

Require at least one lowercase character in password.

RequireSymbols (Optional)
Type: boolean
Default: true

Require at least one symbol in password.

RequireNumbers (Optional)
Type: boolean
Default: true

Require at least one number in password.

MinimumPasswordLength (Optional)
Type: int
Default: 14

Password minimum length.

PasswordReusePrevention (Optional)
Type: int
Default: 24

Number of passwords before allowing reuse.

MaxPasswordAge (Optional)
Type: int
Default: 90

Number of days before password expiration.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.