IAM password policy should prevent the reuse of passwords

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

IAM password policies can prevent the reuse of a given password by the same user. It is recommended that the password policy prevent the reuse of passwords.

Rationale

Preventing password reuse increases account resiliency against brute force login attempts.

Remediation

From the console

  1. Log in to the AWS Console. Use an account that has permission to view identity access management account settings.
  2. Navigate to IAM service.
  3. Click on Account Settings on the left pane.
  4. Ensure that the Prevent password reuse checkbox is selected.
  5. Set Number of passwords to remember to 24.

From the command line

aws iam update-account-password-policy --password-reuse-prevention 24
  • Note: All commands starting with aws iam update-account-password-policy can be combined into a single command.

References

  1. https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html
  2. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
  3. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy