Ensure IAM Password Policy Minimum Length Rule

This rule ensures that the IAM password policy requires a minimum length of 14 or greater.

Rule: Ensure IAM password policy requires a minimum length of 14 or greater
Framework: NIST 800-53 Revision 5
Severity: Critical

IAM Password Policy: Minimum Length Requirement

Description

The IAM Password Policy in AWS allows you to enforce specific rules and constraints for user passwords. In order to comply with the NIST 800-53 Revision 5 requirements, you must configure the policy to enforce a minimum length of 14 or greater for user passwords.

Troubleshooting

In case users are unable to set longer passwords or are encountering issues related to the minimum length requirement, follow the steps below to troubleshoot the problem.

1. Verify the IAM Password Policy

  • Make sure that the IAM Password Policy is correctly configured.
  • Check if the minimum length requirement is set to the desired value (14 or greater).

2. Check User Passwords

  • Verify that the user passwords being set meet the minimum length requirement.
  • If the passwords are shorter than 14 characters, users must choose a longer password.

3. Verify IAM User Configuration

  • Ensure that IAM users are aware of the password policy and the minimum length requirement.
  • Educate users on selecting passwords that meet the policy requirements.

4. Reset Passwords (if necessary)

  • If the existing user passwords do not meet the policy requirement, force a password reset for affected users.
  • Ask users to choose a new password following the minimum length requirement.

Policy Configuration

To enforce a minimum password length of 14 or greater for IAM users in AWS, you need to configure the IAM Password Policy using AWS CLI. Follow the steps below:

1. Install and Configure AWS CLI

  • Download and install the AWS Command Line Interface (CLI) on your computer.
  • Configure the CLI by running the aws configure command and providing your AWS access key, secret access key, region, and output format.

2. Create a JSON Policy File

  • Open a text editor and create a new file.
  • Copy and paste the following JSON into the file. The --cli-input-json option expects the input parameters of update-account-password-policy, not an IAM permissions policy document:
{
  "MinimumPasswordLength": 14
}

3. Save and Name the File

  • Save the file with an appropriate name, such as iam-password-policy.json.

4. Apply the Policy using AWS CLI

  • Open a terminal or command prompt window.
  • Navigate to the directory where you saved the JSON policy file.
  • Run the following command:
aws iam update-account-password-policy --cli-input-json file://iam-password-policy.json

5. Verify the Updated Policy

  • To verify that the policy has been successfully applied, run the following command:
aws iam get-account-password-policy
  • The output should display the updated policy with a minimum password length of 14 or greater.
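
The update-account-password-policy operation does not support partial updates: any parameter left out of the input file reverts to its default value. The Python sketch below is an added example, not part of the original page or of AWS tooling; it checks the output of get-account-password-policy against the 14-character rule and builds an input file that raises the length while keeping the other settings. The function names are hypothetical and the sample output is constructed.

```python
import json

# Parameters accepted by `aws iam update-account-password-policy`.
# ExpirePasswords appears in get-account-password-policy output but is
# read-only, so it must not be copied into the update input.
UPDATABLE_KEYS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)
REQUIRED_MIN_LENGTH = 14  # threshold from the rule on this page


def is_compliant(get_output):
    """True if the get-account-password-policy JSON shows length >= 14."""
    if not get_output:  # no custom policy set (the CLI returned NoSuchEntity)
        return False
    policy = json.loads(get_output).get("PasswordPolicy", {})
    return policy.get("MinimumPasswordLength", 0) >= REQUIRED_MIN_LENGTH


def build_update_input(get_output):
    """Return cli-input-json text that raises the length, keeping other settings."""
    policy = json.loads(get_output).get("PasswordPolicy", {}) if get_output else {}
    update = {k: policy[k] for k in UPDATABLE_KEYS if k in policy}
    # Never lower a value that is already stricter than the requirement.
    update["MinimumPasswordLength"] = max(
        policy.get("MinimumPasswordLength", 0), REQUIRED_MIN_LENGTH)
    return json.dumps(update, indent=2, sort_keys=True)


# Constructed sample of `aws iam get-account-password-policy` output.
SAMPLE_OUTPUT = """
{"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": true,
 "RequireNumbers": true, "RequireUppercaseCharacters": true,
 "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
 "ExpirePasswords": true, "MaxPasswordAge": 90,
 "PasswordReusePrevention": 24, "HardExpiry": false}}
"""

if __name__ == "__main__":
    print("compliant before update:", is_compliant(SAMPLE_OUTPUT))
    print(build_update_input(SAMPLE_OUTPUT))
```

Write the text returned by build_update_input to iam-password-policy.json before running the update command from step 4.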

Conclusion

By following the steps above, you can configure the IAM Password Policy in AWS to comply with the NIST 800-53 Revision 5 requirement for a minimum password length of 14 or greater. Remember to educate users about the policy and troubleshoot any issues they may encounter during the process.
