Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are comprised of different character sets. It is recommended that the password policy requires a minimum length of 14 or greater.
The password policy should require that passwords contain a minimum of 14 characters. Together with similar conditions, such as whether nonalphabetic characters are required and how frequently the password must be rotated in a user's account, this makes for a strong password. It is one of the best security practices.
Setting a password complexity policy increases account resiliency against brute force login attempts.
By default, AWS has only a few password policies, and if you want to make custom policies, you can follow the remediation steps.
Perform the following to ensure the password policy is configured as prescribed:
Via AWS Console
Perform the following to set the password policy as prescribed:
Using AWS Console
To delete the custom password policy:
aws iam delete-account-password-policy
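The same audit and remediation can be done from the AWS CLI. The script below is an added example, not part of the original page. It assumes the AWS CLI is installed and the caller has `iam:GetAccountPasswordPolicy` and `iam:UpdateAccountPasswordPolicy`; the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit the IAM account password policy for a minimum length of 14.
REQUIRED_MIN_LENGTH=14

# classify_min_length VALUE
# VALUE is the text printed by:
#   aws iam get-account-password-policy \
#     --query 'PasswordPolicy.MinimumPasswordLength' --output text
# Prints PASS, FAIL or NO_POLICY; returns 0 only for PASS.
classify_min_length() {
    value=$1
    case $value in
        ''|None)
            # No custom policy: the account falls back to the AWS default
            # policy, so the 14-character minimum is not enforced.
            echo "NO_POLICY"; return 2 ;;
        *[!0-9]*)
            # Unexpected, non-numeric output is treated as non-compliant.
            echo "FAIL"; return 1 ;;
    esac
    if [ "$value" -ge "$REQUIRED_MIN_LENGTH" ]; then
        echo "PASS"; return 0
    fi
    echo "FAIL"; return 1
}

# audit_password_policy: query the live account and classify the result.
audit_password_policy() {
    if out=$(aws iam get-account-password-policy \
        --query 'PasswordPolicy.MinimumPasswordLength' --output text 2>&1); then
        classify_min_length "$out"
    else
        case $out in
            # The CLI fails with NoSuchEntity when no custom policy exists
            # (for example after delete-account-password-policy).
            *NoSuchEntity*) classify_min_length '' ;;
            # Anything else (credentials, permissions, network) is not a verdict.
            *) echo "ERROR"; return 3 ;;
        esac
    fi
}

# remediate_min_length: set the prescribed minimum length.
# update-account-password-policy does not do partial updates: any option
# left out reverts to its default, so pass every setting you want to keep.
remediate_min_length() {
    aws iam update-account-password-policy \
        --minimum-password-length "$REQUIRED_MIN_LENGTH"
}
```

Source the file and run `audit_password_policy`; a `NO_POLICY` or `FAIL` result means the 14-character minimum is not in force.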