Skip to content

AWS IAM password policy does not have an uppercase character

Description

Password policies are used to enforce the creation and use of password complexity. Your IAM password policy should be set for passwords to require the inclusion of different character types. The password policy should enforce passwords contain at least one uppercase letter, this increases security, especially from a brute force attack.

Fix - Runtime

AWS Console

To change the password policy in the AWS Console you will need appropriate permissions to View Identity Access Management Account Settings.

To manually set the password policy with a minimum length, follow these steps:

  1. Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
  2. Navigate to IAM Services.
  3. On the Left Pane click Account Settings.
  4. Select Requires at least one uppercase letter.
  5. Click Apply password policy.

CLI Command

To change the password policy, use the following command:

aws iam update-account-password-policy --require-uppercase-characters

Fix - Buildtime

Terraform

Resource:

Argument: require_uppercase_characters

📘 Note

All commands starting with aws iam update-account-password-policy can be combined into a single command.