🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: Ensure IAM password policy requires at least one number

Description

Password policies, in part, enforce password complexity requirements. Use IAM password policies to ensure that passwords use different character sets.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.iam_account_password_policy_one_number

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.iam_account_password_policy_one_number --share

SQL

This control uses a named query:

select
  'arn:' || a.partition || ':::' || a.account_id as resource,
  case
    when require_numbers then 'ok'
    else 'alarm'
  end as status,
  case
    when minimum_password_length is null then 'No password policy set.'
    when require_numbers then 'Number required.'
    else 'Number not required.'
  end as reason
  , a.account_id
from
  aws_account as a
  left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id;

Tags

category = Compliance
gdpr = true
plugin = aws
service = AWS/IAM