Metadata

Id: 1bc1c685-e593-450e-88fb-19db4c82aa1d

Cloud Provider: AWS

Platform: Terraform

Severity: Low

Category: Best Practices

Description

IAM password policies should enforce a minimum password length so that user passwords are not easily guessable or vulnerable to brute-force attacks. If the minimum_password_length attribute is omitted or set to a low value, such as one below 14, users can create short, weak passwords that are more susceptible to compromise. Without this safeguard, unauthorized users could more easily gain access to sensitive cloud resources, increasing the risk of account takeover and data breaches. Enforcing a strong minimum password length is a critical security measure to help protect AWS accounts and resources from unauthorized access.

Compliant Code Examples

resource "aws_iam_account_password_policy" "negative1" {
  minimum_password_length        = 14
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  allow_users_to_change_password = true
}

Non-Compliant Code Examples

resource "aws_iam_account_password_policy" "positive1" {
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  allow_users_to_change_password = true
}

resource "aws_iam_account_password_policy" "positive2" {
  minimum_password_length        = 3
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  allow_users_to_change_password = true
}
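
The same check can be run in CI against the JSON form of a plan (`terraform show -json <planfile>`), which also covers policies declared inside child modules. This is an added example, not Datadog's rule implementation; the function names and the sample plan are constructed for illustration, and a missing or unknown value is treated as non-compliant.

```python
RESOURCE_TYPE = "aws_iam_account_password_policy"
MIN_LENGTH = 14  # threshold used by this rule

# Constructed sample in the shape of `terraform show -json` output, trimmed to
# the fields the check reads. positive1 has no length value, modelling a value
# that is unset or not known at plan time.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_iam_account_password_policy.negative1",
         "type": RESOURCE_TYPE, "values": {"minimum_password_length": 14}},
        {"address": "aws_iam_account_password_policy.positive2",
         "type": RESOURCE_TYPE, "values": {"minimum_password_length": 3}},
    ],
    "child_modules": [{"address": "module.iam", "resources": [
        {"address": "module.iam.aws_iam_account_password_policy.positive1",
         "type": RESOURCE_TYPE, "values": {"require_symbols": True}}]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_weak_policies(plan, min_length=MIN_LENGTH):
    """Return (address, reason) for each password policy below min_length."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        length = (res.get("values") or {}).get("minimum_password_length")
        if isinstance(length, bool) or not isinstance(length, int):
            findings.append((res["address"], "minimum_password_length not set or unknown"))
        elif length < min_length:
            findings.append((res["address"], f"minimum_password_length={length} < {min_length}"))
    return findings


if __name__ == "__main__":
    for address, reason in find_weak_policies(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

A non-empty result from `find_weak_policies` is the condition to fail the pipeline on.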