Restrict IAM password reuse High

The AWS IAM password policy permits password reuse. Make sure the AWS IAM password policy restricts password reuse by setting `password_reuse_prevention` to 24.

Detector ID
terraform/restrict-iam-password-reuse-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_iam_account_password_policy" "pike" {
  allow_users_to_change_password = false
  hard_expiry                    = true
  max_password_age               = 90
  minimum_password_length        = 14
  # Noncompliant: `password_reuse_prevention` is less than 24.
  password_reuse_prevention      = 10
  require_lowercase_characters   = true
  require_numbers                = true
  require_symbols                = true
  require_uppercase_characters   = true
}

Compliant example

resource "aws_iam_account_password_policy" "pike" {
  allow_users_to_change_password = true
  hard_expiry                    = true
  max_password_age               = 90
  minimum_password_length        = 14
  # Compliant: `password_reuse_prevention` is set to 24.
  password_reuse_prevention      = 24
  require_lowercase_characters   = true
  require_numbers                = true
  require_symbols                = true
  require_uppercase_characters   = true
}
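
The same rule can be enforced in CI against a rendered plan. The following is an added example, not part of this detector: it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports every `aws_iam_account_password_policy` whose `password_reuse_prevention` is unset or below 24. The plan data, the `module.baseline` module and the function names are constructed for illustration.

```python
REQUIRED_HISTORY = 24  # threshold taken from the compliant example on this page

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_iam_account_password_policy.pike",
             "type": "aws_iam_account_password_policy",
             "values": {"minimum_password_length": 14, "password_reuse_prevention": 10}},
            {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}},
        ],
        "child_modules": [{
            "address": "module.baseline",
            "resources": [
                {"address": "module.baseline.aws_iam_account_password_policy.strict",
                 "type": "aws_iam_account_password_policy",
                 "values": {"password_reuse_prevention": 24}},
                {"address": "module.baseline.aws_iam_account_password_policy.unset",
                 "type": "aws_iam_account_password_policy",
                 "values": {"password_reuse_prevention": None}},
            ],
        }],
    }}
}


def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_password_reuse(plan, required=REQUIRED_HISTORY):
    """Return (address, reason) for each password policy below the threshold."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_iam_account_password_policy":
            continue
        value = (res.get("values") or {}).get("password_reuse_prevention")
        if value is None:  # attribute omitted: no reuse restriction is planned
            findings.append((res["address"], "password_reuse_prevention is not set"))
        elif value < required:
            findings.append((res["address"],
                             f"password_reuse_prevention = {value}, expected {required}"))
    return findings


if __name__ == "__main__":
    for address, reason in check_password_reuse(SAMPLE_PLAN):
        print(f"NONCOMPLIANT {address}: {reason}")
```

To use it on a real plan, load the JSON produced by `terraform show -json` with `json.load` and pass the resulting dictionary to `check_password_reuse`.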