AWS-004 Amazon Web Services (AWS)

Strong IAM password policy is enforced.


Domain: Amazon Web Services (AWS)
Area: IAM
Automated / manual: Automated

Risk if it fails

Weak passwords are easily brute-forced or guessed.

Short or simple passwords let attackers guess their way into the console. Once inside they pivot to data, infrastructure, and other identities.

How Tess tests it

1 test — each concludes only on cited evidence.

Strong IAM password policy is enforced.

Automated
Procedure
Retrieve the account password policy and confirm that it enforces a minimum length of at least 14 characters, complexity requirements, password reuse prevention and rotation.

Read-only command

aws iam get-account-password-policy
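
One way to evaluate the JSON that command returns against the procedure above. This is an added example, not Tess's own code. It assumes "complexity" means all four `Require*` flags are enabled, and it treats reuse prevention and rotation as satisfied by any non-zero value, because the page states no thresholds for them; the sample output is constructed.

```python
import json

# Constructed sample of `aws iam get-account-password-policy` output (not from a real account).
SAMPLE_WEAK = """{
  "PasswordPolicy": {
    "MinimumPasswordLength": 8,
    "RequireSymbols": false,
    "RequireNumbers": true,
    "RequireUppercaseCharacters": true,
    "RequireLowercaseCharacters": true,
    "AllowUsersToChangePassword": true,
    "ExpirePasswords": false
  }
}"""

MIN_LENGTH = 14  # threshold stated in the procedure
# Assumption: "complexity" is read as all four character-class requirements.
COMPLEXITY_KEYS = ("RequireSymbols", "RequireNumbers",
                   "RequireUppercaseCharacters", "RequireLowercaseCharacters")


def evaluate_policy(cli_output):
    """Return a list of findings; an empty list means the control passes."""
    if not cli_output or not cli_output.strip():
        # With no policy set, the CLI reports a NoSuchEntity error and prints no JSON.
        return ["no account password policy is configured"]
    policy = json.loads(cli_output).get("PasswordPolicy", {})
    findings = []
    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength is {length}, expected >= {MIN_LENGTH}")
    for key in COMPLEXITY_KEYS:
        if not policy.get(key, False):
            findings.append(f"{key} is not enabled")
    # A missing or zero value is treated as "feature off" for both fields.
    if not policy.get("PasswordReusePrevention"):
        findings.append("PasswordReusePrevention is not set")
    if not policy.get("MaxPasswordAge"):
        findings.append("MaxPasswordAge is not set, passwords never expire")
    return findings


if __name__ == "__main__":
    for finding in evaluate_policy(SAMPLE_WEAK):
        print("FAIL:", finding)
```

Pipe the real command's output into `evaluate_policy` in place of the sample; an empty string (the command failed because no policy exists) is reported as a failure rather than a pass.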
