IAM Password Policies

An IAM Password Policy in AWS defines the rules and requirements for how IAM users create and manage their passwords. It helps enforce strong security practices by requiring complexity, expiration, and rotation policies.

Why Use IAM Password Policies

  • Prevent weak passwords that are easy to guess.

  • Ensure compliance with security standards.

  • Reduce the risk of brute force and credentials-stuffing attacks.

  • Enforce regular password updates and multi-factor authentication (MFA).

Key Features of IAM Password Policies

AWS IAM password policies let you:

  • Set minimum password length (at least 8 characters)

  • Require character complexity (uppercase, lowercase, numbers, symbols).

  • Enable password expiration (force password changes after a specific time).

  • Prevent password reuse (restrict reusing old passwords).

  • Allow users to change their own password (self-service).

  • Enforce multi-factor authentication (MFA) for better security.

Default AWS Password Policy

By default, AWS does not enforce a strict password policy.

  • This means that IAM users can create weak passwords unless an admin enforces stricter rules.

Configuring an IAM Password Policy

Method 1: Using AWS Management Console (GUI)

Steps to configure IAM Password Policy

  1. Sign in to AWS Management Console

  2. In the left panel, select Account settings.

  3. Scroll down to Password policy and click Edit.

  4. Set the password policy rules.

  5. Click Save changes.


Method 2: Using AWS CLI

You can also set an IAM password policy using the AWS CLI.

Example:

$ aws iam update-account-password-policy \
    --minimum-password-length 12 \
    --require-uppercase-characters \
    --require-lowercase-characters \
    --require-numbers \
    --require-symbols \
    --password-reuse-prevention 5 \
    --max-password-age 90 \
    --allow-users-to-change-password
Checking Current IAM Password Policy

To view the current password policy, run:

$ aws iam get-account-password-policy
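As an added example (not part of the original page or of any AWS tooling), the following Python script runs the command above, parses the JSON it returns, and reports every setting that falls short of the baseline set by the update-account-password-policy example earlier on this page. The functions fetch_policy and evaluate_policy and the SAMPLE_WEAK policy are assumptions constructed for this example; it handles the case where no policy exists at all, which the CLI reports as a NoSuchEntity error.

```python
import json
import subprocess

# Baseline: the settings applied by the update-account-password-policy
# example on this page (length 12, all character classes, reuse 5, age 90).
BASELINE = {
    "MinimumPasswordLength": 12,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "PasswordReusePrevention": 5,
    "MaxPasswordAge": 90,
    "AllowUsersToChangePassword": True,
}

def evaluate_policy(policy):
    """Findings for the PasswordPolicy object from get-account-password-policy.
    None means no policy exists, i.e. the weak AWS default is in effect."""
    if policy is None:
        return ["no password policy configured; AWS defaults apply"]
    findings = []
    for key, want in BASELINE.items():
        have = policy.get(key)
        if isinstance(want, bool):
            if have is not True:
                findings.append(f"{key} is not enabled")
        elif key == "MaxPasswordAge":  # key is absent when passwords never expire
            if not have or have > want:
                findings.append(f"{key} is {have}, want <= {want}")
        elif have is None or have < want:
            findings.append(f"{key} is {have}, want >= {want}")
    return findings

def fetch_policy():
    """Run the CLI command from the page; None when IAM reports NoSuchEntity."""
    proc = subprocess.run(["aws", "iam", "get-account-password-policy",
                           "--output", "json"], capture_output=True, text=True)
    if "NoSuchEntity" in proc.stderr:
        return None
    proc.check_returncode()  # any other failure (no credentials, etc.) is fatal
    return json.loads(proc.stdout)["PasswordPolicy"]

# Constructed sample (not from a real account): console defaults, nothing else.
SAMPLE_WEAK = {"MinimumPasswordLength": 8, "RequireSymbols": False,
               "RequireNumbers": False, "RequireUppercaseCharacters": False,
               "RequireLowercaseCharacters": False, "AllowUsersToChangePassword": True}

if __name__ == "__main__":
    print("\n".join(evaluate_policy(fetch_policy()) or ["policy meets baseline"]))
```

Running the script against an account needs the AWS CLI and credentials with iam:GetAccountPasswordPolicy; evaluate_policy itself works offline on any saved policy JSON.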

Deleting an IAM Password Policy

If you need to remove the password policy:

$ aws iam delete-account-password-policy