Control: Ensure IAM password policy requires at least one symbol
Description
Password policies, in part, enforce password complexity requirements. Use IAM password policies to ensure that passwords use different character sets. Security Hub recommends that the password policy require at least one symbol. Setting a password complexity policy increases account resiliency against brute force login attempts.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.iam_account_password_policy_one_symbolSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.iam_account_password_policy_one_symbol --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'require_symbols') is null then 'alarm' when (attributes_std -> 'require_symbols')::boolean then 'ok' else 'alarm' end as status, split_part(address, '.', 2) || case when (attributes_std -> 'require_symbols') is null then ' symbol not set to required' when (attributes_std -> 'require_symbols')::boolean then ' symbol set to required' else ' symbol not set to required' end || '.' as reason , path || ':' || start_linefrom terraform_resourcewhere type = 'aws_iam_account_password_policy';