Resource Type: AWS > IAM > Account Password Policy

Resource Context

Account Password Policy is a part of the IAM service.

Each Account Password Policy lives under an Account.

Controls

The primary controls for AWS > IAM > Account Password Policy are:

• CMDB
• Configured
• Discovery
• Intelligent Assessment
• Prevention
• Settings

It is also targeted by these controls:

• AWS > CIS v1 > 1 Identity and Access Management > 1.05 Ensure IAM password policy requires at least one uppercase letter (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.06 Ensure IAM password policy require at least one lowercase letter (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.07 Ensure IAM password policy require at least one symbol (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.08 Ensure IAM password policy require at least one number (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.10 Ensure IAM password policy prevents password reuse (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse (Automated)
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
• AWS > CIS v4.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v4.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
• AWS > CIS v5.0 > 1 - Identity and Access Management > 1.07 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v5.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy prevents password reuse
• AWS > CIS v6.0 > 2 - Identity and Access Management > 2.07 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v6.0 > 2 - Identity and Access Management > 2.08 - Ensure IAM password policy prevents password reuse
• AWS > HIPAA > IAM > Ensure IAM password policy requires a minimum length of 14 or greater
• AWS > HIPAA > IAM > IAM password policies for users should have strong configurations
• AWS > NIST 800-53 > IAM > Ensure IAM password policy requires a minimum length of 14 or greater
• AWS > NIST 800-53 > IAM > IAM password policies for users should have strong configurations

Quick Actions

• Router
• Set Password Policy

Category

• IAM

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy

Category URI

tmod:@turbot/turbot#/resource/categories/iam

GraphQL

query resource(id: "tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/accountPasswordPolicy' and notification_type in ('resource_updated', 'resource_created');