title | platform |
---|---|
About the aws_iam_password_policy Resource | aws |
Use the `aws_iam_password_policy` InSpec audit resource to test properties of an AWS IAM Password Policy.

An `aws_iam_password_policy` resource block declares the tests for an AWS IAM Password Policy.
```ruby
describe aws_iam_password_policy do
  it { should exist }
end
```
This resource does not expect any parameters.
See also the AWS documentation on Auto Scaling Group.
Property | Description |
---|---|
minimum_password_length | The minimum character count of the password policy. |
max_password_age_in_days | Integer number of days a password may be used before it expires. |
number_of_passwords_to_remember | Number of previous passwords to remember. |
```ruby
describe aws_iam_password_policy do
  it { should require_uppercase_characters }
  it { should require_lowercase_characters }
  it { should require_numbers }
  its('minimum_password_length') { should be > 8 }
end
```

```ruby
describe aws_iam_password_policy do
  it { should allow_users_to_change_password }
end
```
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
```ruby
it { should exist }
it { should prevent_password_reuse }
it { should expire_passwords }
it { should require_numbers }
it { should require_symbols }
it { should require_lowercase_characters }
it { should require_uppercase_characters }
it { should allow_users_to_change_password }
```
All matchers can use the inverse `should_not` predicate.
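
The properties and matchers above combined into one baseline evaluation, as an added example that is not part of the InSpec documentation or the resource's implementation. It models the policy as a plain Ruby hash whose keys reuse this page's property and matcher names; the `BASELINE` thresholds, the function name `password_policy_failures` and the sample policies are assumptions constructed for illustration.

```ruby
# Added example: plain-Ruby model of the checks on this page. Hash keys mirror
# the page's property and matcher names; thresholds are assumed, not the page's.
BASELINE = { minimum_password_length: 14, max_password_age_in_days: 90,
             number_of_passwords_to_remember: 24 }.freeze
REQUIRED_FLAGS = %i[
  require_uppercase_characters require_lowercase_characters
  require_numbers require_symbols allow_users_to_change_password
].freeze

# Returns the names of failed checks; an empty array means the policy passes.
# A nil policy models an account with no password policy ("should exist" fails).
def password_policy_failures(policy, baseline = BASELINE)
  return [:exist] if policy.nil?

  failures = REQUIRED_FLAGS.reject { |flag| policy[flag] == true }
  length = policy[:minimum_password_length]
  failures << :minimum_password_length unless length.to_i >= baseline[:minimum_password_length]

  # In this model a nil maximum age means passwords never expire.
  age = policy[:max_password_age_in_days]
  if age.nil?
    failures << :expire_passwords
  elsif age > baseline[:max_password_age_in_days]
    failures << :max_password_age_in_days
  end

  # In this model a nil history size means reuse is not prevented.
  remembered = policy[:number_of_passwords_to_remember]
  if remembered.nil?
    failures << :prevent_password_reuse
  elsif remembered < baseline[:number_of_passwords_to_remember]
    failures << :number_of_passwords_to_remember
  end
  failures
end

# Constructed sample policies.
WEAK_POLICY = {
  require_uppercase_characters: true, require_lowercase_characters: true,
  require_numbers: true, require_symbols: false,
  allow_users_to_change_password: true, minimum_password_length: 8,
  max_password_age_in_days: nil, number_of_passwords_to_remember: 5
}.freeze
STRONG_POLICY = WEAK_POLICY.merge(
  require_symbols: true, minimum_password_length: 16,
  max_password_age_in_days: 60, number_of_passwords_to_remember: 24
).freeze
```

Checking existence first matters because every property is nil when the account has no password policy, so numeric comparisons would otherwise fail for the wrong reason.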
Your Principal will need the following permission action set to Allow: `IAM:Client:GetAccountPasswordPolicyResponse`