Control: Ensure IAM password policy requires at least one symbol
Description
Password policies, in part, enforce password complexity requirements. Use IAM password policies to ensure that passwords use different character sets. Security Hub recommends that the password policy require at least one symbol. Setting a password complexity policy increases account resiliency against brute force login attempts.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_account_password_policy_one_symbolSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_account_password_policy_one_symbol --shareSQL
This control uses a named query:
select 'arn:' || a.partition || ':::' || a.account_id as resource, case when require_symbols then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when require_symbols then 'Symbol required.' else 'Symbol not required.' end as reason , a.account_idfrom aws_account as a left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id;