Control: Password policies for IAM users should have strong configurations with minimum length of 8 or greater
Description
This control checks whether the account password policy for IAM users uses the recommended configurations.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_account_password_policy_strong_min_length_8Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_account_password_policy_strong_min_length_8 --shareSQL
This control uses a named query:
select 'arn:' || a.partition || ':::' || a.account_id as resource, case when minimum_password_length >= 8 and require_lowercase_characters = 'true' and require_uppercase_characters = 'true' and require_numbers = 'true' and require_symbols = 'true' then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when minimum_password_length >= 8 and require_lowercase_characters = 'true' and require_uppercase_characters = 'true' and require_numbers = 'true' and require_symbols = 'true' then 'Strong password policies configured.' else 'Password policy ' || concat_ws(', ', case when minimum_password_length < 8 then ('minimum password length set to ' || minimum_password_length) end, case when not (require_lowercase_characters = 'true') then 'lowercase characters not required' end, case when not (require_uppercase_characters = 'true') then 'uppercase characters not required' end, case when not (require_numbers) then 'numbers not required' end, case when not (require_symbols) then 'symbols not required' end ) || '.' end as reason , a.account_idfrom aws_account as a left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id;