AWS Password Policies: Know Your Options
Contents
AWS Password Policies: Know Your Options#
Your AWS account is the key to your cloud resources. That’s why it’s critical to have strong password policies in place to protect your account and data. But with so many options available, it can be hard to know where to start. In this blog post, we’ll give you an overview of the different types of password policies available in AWS, and how to choose the right one for your needs.
Password Administration: Policies#
The choices available for setting a password policy for your account are described below. They all require at least:
one capital letter: You can demand at least one capital character from the International Organization for Standardization (ISO) basic Latin alphabet in IAM client passwords (A to Z).
one lower-case character: You may make it compulsory for your user passwords to have at minimum one lower-case letter ranging from a to z.
a single number: You may make it compulsory for your IAM user passwords to have at least one numeric character (from 0 to 9).
one unique non-alphanumeric character: An alpha-numeric character comprises of numbers and alphabet. You can also require IAM user passwords to include at minimum one of the these non alphabet or number including symbols : ! @ # $ % & \ * ( ) + - = [ ] |
You have also various other options as follows:
Minimum password: You may define the minimum number of characters required in an IAM user password via a password policy. The allowed range is any number between 6 and 128.
iam:ChangePassword action: You may also grant IAM users pertaining to your account ChangePassword action. They may then use the IAM dashboard to update their personal passwords.
Password expiry: IAM user passwords can be set to be viable for a specific amount of days. You define how long passwords are usable once they are created. You may set the password end date to anything from 1 to 1,095 days.
Password reuse: Prevent IAM users, using the same password again. You may limit the number of former passwords that IAM members can use. The number of earlier passwords can be adjusted from 1 to 24, included.
Other password policy considerations#
You may restrict IAM members from changing their password when their existing one expires.
If you prevent a user from selecting a new password following expiration, the user will be prompted to create a new password prior to gaining access to the AWS Management Console.
You can also restrict certain clients from managing passwords. If you provide your IAM members the ability to update their own passwords, IAM automatically gives them access to the password policy. To establish a password that conforms with the policy, IAM users must be granted access to the account’s password policy.
When a password expires, an system administrator must restore it.
When an IAM user’s password is about to expire, the AWS Management Console notifies them (15 days before expiration). Members of IAM may update their passwords provided that they are permitted for this action. Once they reset the password, the rotating time for that password begins again.
An IAM user can only have one active password at that time.
Conclusion#
Upon completion of this blog post, now you know which password policy options you have that you can implement according to your business needs.
See also
Want to learn practical cloud skills? Enroll in MCSI’s - MCSF Cloud Services Fundamentals