How to update IAM password policy to require minimum password length of 14 or greater

Pragti Chauhan

~ 2 min read

IAM password policies can be used to enforce minimum password length to ensure password complexity. This article provides the step by step guide on how you can update your IAM password policy in AWS.

Introduction

Password complexity requirements can be enforced using password policies. IAM password policies can be used to ensure that the users’ passwords are at least a given length. It is recommended that the password policy requires a minimum password length of 14 characters.

Setting a password complexity policy increases account resiliency against brute force login attempts. If password length requirements are not enforced, users with smaller and weaker passwords become much more vulnerable to brute force attacks.

Accounts that can be brute forced provide access to attackers and consequently access to all data and resources within. In case of accounts with administrative access, this could mean the compromise of all resources, data, and even business intellectual property.

In this article we will see how to update IAM password policy.

Update IAM password policy

Following are the steps to update IAM password policy in AWS to require minimum password length of 14 or greater:

  1. Login to AWS Management Console

  2. Navigate to IAM service

    AWS IAM Service

  3. On the left panel of IAM dashboard, under Access Management, click on Account settings

    IAM Account Settings

  4. Under Password Policy section we can see that the Minimum password length is 8 characters

    IAM Password Policy

  5. To update this setting, click on Change

    Change IAM Password Policy

  6. Under Enforce minimum password length, specify β€œ14” characters

    Enforce minimum password length

  7. Click on Save changes

    Save changes to password policy

  8. The Password Policy has been successfully updated

    Updated Password Policy

;