AWS IAM - Password Policy & MFA
Note: DON’T perform this exercise unless you understand what you are doing and what is the outcome of applying these changes to your account
Objectives
- Create password policy with the following settings:
- At least minimum 8 characters
- At least one number
-
Prevent password reuse
- Then enable MFA for the account.
Solution
Password Policy:
- Go to IAM service in AWS
- Click on “Account settings” under “Access management”
- Click on “Change password policy”
- Check “Enforce minimum password length” and set it to 8 characters
- Check “Require at least one number”
- Check “Prevent password reuse”
- Click on “Save changes”
MFA:
- Click on the account name
- Click on “My Security Credentials”
- Expand “Multi-factor authentication (MFA)” and click on “Activate MFA”
- Choose one of the devices
-
Follow the instructions to set it up and click on “Assign MFA”
-
resource "aws_iam_account_password_policy" "strict" {
minimum_password_length = 8
require_numbers = true
allow_users_to_change_password = true
password_reuse_prevention = 1
}
Note: You cannot add MFA through terraform, you have to do it in the GUI.