iam

Checks

• enforce-group-mfa IAM groups should have MFA enforcement activated.

• no-password-reuse IAM Password policy should prevent password reuse.

• no-policy-wildcards IAM policy should avoid use of wildcards and instead apply the principle of least privilege

• no-root-access-keys The root user has complete access to all services and resources in an AWS account. AWS Access Keys provide programmatic access to a given account.

• no-user-attached-policies IAM policies should not be granted directly to users.

• require-lowercase-in-passwords IAM Password policy should have requirement for at least one lowercase character.

• require-numbers-in-passwords IAM Password policy should have requirement for at least one number in the password.

• require-symbols-in-passwords IAM Password policy should have requirement for at least one symbol in the password.

• require-uppercase-in-passwords IAM Password policy should have requirement for at least one uppercase character.

• set-max-password-age IAM Password policy should have expiry less than or equal to 90 days.

• set-minimum-password-length IAM Password policy should have minimum password length of 14 or more characters.