Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are comprised of different character sets. It is recommended that the password policy requires at least one uppercase letter.
At least one symbol in the password and similar conditions such as minimum length, whether it requires nonalphabetic characters, and how frequently it must be rotated in users account will make a strong password, one of the best security practices.
Setting a password complexity policy increases account resiliency against brute force login attempts.
By default, AWS will have only a few password policy and if you want to make custom policies you can follow the remediation steps.
Perform the following to ensure the password policy is configured as prescribed: Via AWS Console
Check the list of policies shown under the Password policy section to know whether the particular policy is enabled or not
To view the password policy:
Perform the following to set the password policy as prescribed:
Using AWS Console
- To create or change the custom password policy
- To delete the custom password policy