IAM Password policy should have requirement for at least one symbol in the password.

Default Severity: medium

Explanation

IAM account password policies should ensure that passwords content including a symbol.

Possible Impact

Short, simple passwords are easier to compromise

Suggested Resolution

Enforce longer, more complex passwords in the policy

Insecure Example

The following example will fail the aws-iam-require-symbols-in-passwords check.

 resource "aws_iam_account_password_policy" "bad_example" {
    # ...
    # require_symbols not set
    # ...
 }

Secure Example

The following example will pass the aws-iam-require-symbols-in-passwords check.

 resource "aws_iam_account_password_policy" "good_example" {
    # ...
    require_symbols = true
    # ...
 }

Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details