Implementation of a strong password policy

Resources:
  WeakIAMUser:
    Type: AWS::IAM::User
    Properties:
      UserName: my-user
  WeakLoginProfile:
    Type: AWS::IAM::LoginProfile
    Properties:
      UserName: !Ref WeakIAMUser
      Password: "TemporaryPassword123"
      PasswordResetRequired: false

This CloudFormation example creates an IAM user but does not enforce any account-level password policy. Without such a policy, users can set weak passwords, making accounts more susceptible to brute-force or guessing attacks.

Resources:
  StrongPasswordPolicy:
    Type: AWS::IAM::AccountPasswordPolicy
    Properties:
      MinimumPasswordLength: 14
      RequireUppercaseCharacters: true
      RequireLowercaseCharacters: true
      RequireNumbers: true
      RequireSymbols: true
      AllowUsersToChangePassword: true
      PasswordReusePrevention: 5
      MaxPasswordAge: 90

This CloudFormation example includes a strong password policy using the AWS::IAM::AccountPasswordPolicy resource. It enforces a minimum length of 14 characters, requires uppercase, lowercase, numeric and symbol characters, prevents reuse of the last 5 passwords, and expires passwords after 90 days.
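
To confirm that a deployed account actually matches this baseline, the check below audits a password policy dictionary against the values in the compliant template. It is an added example, not part of the original page: the function name and sample inputs are hypothetical, and the dictionary is assumed to use the same key names as the template properties, which are also the keys IAM returns from GetAccountPasswordPolicy.

```python
# Added example: audit an IAM account password policy against the baseline above.
# Thresholds are taken from the compliant template on this page.
BASELINE_MIN = {"MinimumPasswordLength": 14, "PasswordReusePrevention": 5}
BASELINE_TRUE = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
    "RequireSymbols",
    "AllowUsersToChangePassword",
)
MAX_AGE_DAYS = 90


def audit_password_policy(policy):
    """Return a list of findings; an empty list means the baseline is met.

    `policy` is a dict of password policy settings, or None when the
    account has no password policy at all (hypothetical helper).
    """
    if policy is None:
        return ["no account password policy is set"]
    findings = []
    for key, minimum in BASELINE_MIN.items():
        value = policy.get(key) or 0  # an absent key means the rule is not enforced
        if value < minimum:
            findings.append(f"{key} is {value}, expected at least {minimum}")
    for key in BASELINE_TRUE:
        if policy.get(key) is not True:
            findings.append(f"{key} is not enabled")
    age = policy.get("MaxPasswordAge") or 0  # absent or 0: passwords never expire
    if age == 0:
        findings.append("MaxPasswordAge is unset, passwords never expire")
    elif age > MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge is {age}, expected at most {MAX_AGE_DAYS}")
    return findings


# Constructed sample inputs (not real account data).
COMPLIANT = {
    "MinimumPasswordLength": 14, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "RequireSymbols": True, "AllowUsersToChangePassword": True,
    "PasswordReusePrevention": 5, "MaxPasswordAge": 90,
}
WEAK = {"MinimumPasswordLength": 8, "RequireNumbers": True, "MaxPasswordAge": 365}

if __name__ == "__main__":
    for name, policy in (("compliant", COMPLIANT), ("weak", WEAK), ("missing", None)):
        print(name, audit_password_policy(policy))
```

Passing `None` models an account where no policy has been created, which is the state the first template leaves the account in.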