IAM password policy does not require lowercase letter
Id: a1b2c3d4-e5f6-7890-ab12-cd34ef567890
Cloud Provider: AWS
Platform: Terraform
Severity: Medium
Category: Best Practices
Description
This check ensures that the AWS IAM password policy enforces the use of at least one lowercase letter in user passwords by setting require_lowercase_characters = true in the aws_iam_account_password_policy resource. If this setting is left as require_lowercase_characters = false, passwords are less complex and easier for attackers to guess or brute-force, increasing the risk of unauthorized access to AWS resources. Weak password policies can significantly undermine the security posture of your AWS environment.
Compliant Code Examples
resource "aws_iam_account_password_policy" "good_example" {
  minimum_password_length      = 14
  require_symbols              = true
  require_numbers              = true
  require_lowercase_characters = true
  require_uppercase_characters = true
}
Non-Compliant Code Examples
resource "aws_iam_account_password_policy" "bad_example" {
  minimum_password_length      = 14
  require_symbols              = true
  require_numbers              = true
  require_lowercase_characters = false
  require_uppercase_characters = true
}
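The check described above can also be applied to a rendered plan rather than to source files. The Python below is an added example, not part of the original rule or its scanner: it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports every `aws_iam_account_password_policy` whose `require_lowercase_characters` is not `true`. Assumptions: the sample plan and the helper names are constructed for illustration, and an unset attribute is treated as a finding.

```python
RESOURCE_TYPE = "aws_iam_account_password_policy"
ATTRIBUTE = "require_lowercase_characters"

def _policy(address, **values):
    """Build one constructed resource entry for the sample plan (hypothetical helper)."""
    return {"address": address, "type": RESOURCE_TYPE, "values": values}

# Constructed sample in the shape of `terraform show -json` (planned_values only).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _policy("aws_iam_account_password_policy.good_example",
                minimum_password_length=14, require_lowercase_characters=True),
        _policy("aws_iam_account_password_policy.bad_example",
                minimum_password_length=14, require_lowercase_characters=False),
    ],
    "child_modules": [{"address": "module.iam", "resources": [
        _policy("module.iam.aws_iam_account_password_policy.unset_example",
                minimum_password_length=14),
    ]}],
}}}

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return (address, reason) for each password policy not requiring lowercase."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        value = (res.get("values") or {}).get(ATTRIBUTE)
        if value is True:
            continue
        # Assumption of this example: an unset attribute counts as non-compliant.
        reason = "not set" if value is None else f"set to {value!r}"
        findings.append((res["address"], f"{ATTRIBUTE} is {reason}"))
    return findings

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To use it on a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dictionary to `find_violations`.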