Control: Ensure IAM password policy prevents password reuse
Description
This control checks whether the number of passwords to remember is set to 24. The control fails if the value is not 24. IAM password policies can prevent the reuse of a given password by the same user.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_account_password_policy_reuse_24Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_account_password_policy_reuse_24 --shareSQL
This control uses a named query:
select 'arn:' || a.partition || ':::' || a.account_id as resource, case when password_reuse_prevention >= 24 then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when password_reuse_prevention is null then 'Password reuse prevention not set.' else 'Password reuse prevention set to ' || password_reuse_prevention || '.' end as reason , a.account_idfrom aws_account as a left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id;