"As soon as you have passwords you need a password policy" - © captain obvious
Limitations:
AWS allows you to have only one password policy for the whole AWS account.
You can configure it using the web GUI or, if you prefer to have all your infrastructure and security as code, using boto3 and Python:
#!/usr/bin/python
import boto3
import pprint

# Use the credentials stored under the 'staging' profile.
boto3.setup_default_session(profile_name='staging')
iam = boto3.resource('iam')

# There is exactly one password policy per account; update() replaces it.
account_password_policy = iam.AccountPasswordPolicy()
response = account_password_policy.update(
    MinimumPasswordLength=12,
    RequireSymbols=True,
    RequireNumbers=True,
    RequireUppercaseCharacters=True,
    RequireLowercaseCharacters=True,
    AllowUsersToChangePassword=True,
    MaxPasswordAge=90,            # days
    PasswordReusePrevention=12,   # number of previous passwords remembered
    HardExpiry=False
)
pprint.pprint(response)
You can find more details about particular password policy parameters here:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
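Because there is only one policy per account and anyone with IAM rights can change it in the GUI, it is worth checking the live policy against the values above. The following is an added example, not part of the original post: `BASELINE`, `find_drift` and `fetch_policy` are names chosen here, and the `staging` profile is taken from the script above.

```python
# Baseline copied from the update() call on this page.
BASELINE = {
    "MinimumPasswordLength": 12,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 12,
    "HardExpiry": False,
}

# Settings where a larger live value is stricter than the baseline, so acceptable.
AT_LEAST = {"MinimumPasswordLength", "PasswordReusePrevention"}


def find_drift(current, baseline=BASELINE):
    """Return {setting: (current, expected)} for each weaker or differing setting."""
    # `current` is the PasswordPolicy dict from IAM, or None if no policy exists.
    current = current or {}
    drift = {}
    for key, want in baseline.items():
        have = current.get(key)  # IAM omits numeric limits that are not set
        if key in AT_LEAST:
            ok = have is not None and have >= want
        elif key == "MaxPasswordAge":
            # A missing or zero value means passwords never expire.
            ok = bool(have) and have <= want
        else:
            ok = have == want
        if not ok:
            drift[key] = (have, want)
    return drift


def fetch_policy(profile_name="staging"):
    """Read the live policy; return None if the account has never set one."""
    import boto3  # imported here so find_drift() works without AWS access
    iam = boto3.Session(profile_name=profile_name).client("iam")
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None


if __name__ == "__main__":
    for key, (have, want) in sorted(find_drift(fetch_policy()).items()):
        print(f"{key}: current={have!r} expected={want!r}")
```

An empty result means the account is at least as strict as the baseline; run it on a schedule and alert on any output.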