Control: Ensure IAM password policy requires at least one lowercase letter
Description
Password policies, in part, enforce password complexity requirements. Use IAM password policies to ensure that passwords use different character sets. Security Hub recommends that the password policy require at least one lowercase letter. Setting a password complexity policy increases account resiliency against brute force login attempts.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_account_password_policy_one_lowercase_letterSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_account_password_policy_one_lowercase_letter --shareSQL
This control uses a named query:
select 'arn:' || a.partition || ':::' || a.account_id as resource, case when require_lowercase_characters then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when require_lowercase_characters then 'Lowercase character required.' else 'Lowercase character not required.' end as reason , a.account_idfrom aws_account as a left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id;