An IAM policy is a document that allows or denies permissions to AWS services and resources. IAM also maintains password policies. An IAM password policy can prevent a given user from reusing a password, and it is recommended that the password policy prevent password reuse. IAM enables you to manage access to AWS services and resources securely. It gives you the flexibility to configure access based on your company's specific operational and security needs, and it sets the authentication policies for users, groups, and roles.
Reusing a previous password can leave an account vulnerable; preventing password reuse increases account resiliency against brute force login attempts.
Rotating the console password periodically helps prevent the use of previous passwords and enhances security.
Before configuring the IAM password policy, check the current settings:
- Run the following command to view the password policy
aws iam get-account-password-policy
Perform the following to set the password policy as prescribed:
- Log in to the AWS account with Admin access
- Go to the IAM service on the AWS Console https://console.aws.amazon.com/iam/
- Click Account settings in the left navigation pane, under the Identity and Access Management (IAM) Dashboard
- In the Password policy section, click the Change button
- You will be directed to the Modify password policy panel. Select the check box that prevents password reuse, set the number of passwords to remember to "24" (we recommend 24, but you can choose any value from 1 to 24 as your security needs require), and click the Save changes button
The same setting can be applied with the AWS CLI:
aws iam update-account-password-policy --password-reuse-prevention 24
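`update-account-password-policy` does not support partial updates: any setting not passed on the command line reverts to its default. The following added example (not part of the original page) reads the JSON printed by `aws iam get-account-password-policy` and builds an update command that sets reuse prevention while keeping the other settings; the sample JSON is constructed and the function names are hypothetical.

```python
import json

# Constructed sample of `aws iam get-account-password-policy` output (not from the page).
SAMPLE = """{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
 "RequireNumbers": true, "RequireUppercaseCharacters": true,
 "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
 "ExpirePasswords": true, "MaxPasswordAge": 90, "HardExpiry": false}}"""

# Policy fields in the get output and the CLI flags that set them.
INT_FLAGS = {"MinimumPasswordLength": "--minimum-password-length",
             "MaxPasswordAge": "--max-password-age"}
BOOL_FLAGS = {"RequireSymbols": "require-symbols",
              "RequireNumbers": "require-numbers",
              "RequireUppercaseCharacters": "require-uppercase-characters",
              "RequireLowercaseCharacters": "require-lowercase-characters",
              "AllowUsersToChangePassword": "allow-users-to-change-password",
              "HardExpiry": "hard-expiry"}

def _policy(policy_json):
    # Pass None when the account has no password policy yet (the get call fails).
    return json.loads(policy_json).get("PasswordPolicy", {}) if policy_json else {}

def reuse_prevention(policy_json):
    """Return the number of remembered passwords, or 0 if reuse is not prevented."""
    return _policy(policy_json).get("PasswordReusePrevention", 0)

def build_update_command(policy_json, remember=24):
    """Build an update command that sets reuse prevention and keeps other settings."""
    if not 1 <= remember <= 24:
        raise ValueError("remember must be between 1 and 24")
    policy = _policy(policy_json)
    cmd = ["aws", "iam", "update-account-password-policy",
           "--password-reuse-prevention", str(remember)]
    for field, flag in INT_FLAGS.items():
        if field in policy:
            cmd += [flag, str(policy[field])]
    for field, name in BOOL_FLAGS.items():
        if field in policy:
            # Boolean settings use --name / --no-name flag pairs.
            cmd.append(("--" if policy[field] else "--no-") + name)
    return cmd

if __name__ == "__main__":
    print("remembered passwords now:", reuse_prevention(SAMPLE))
    print(" ".join(build_update_command(SAMPLE)))
```

Review the printed command before running it, then confirm the result with `aws iam get-account-password-policy`.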
If you want to revert to the previous settings, go through the Implementation steps section and uncheck the prevent password reuse option. If you only want to change the number of remembered passwords, go through the Implementation steps section and, in the field for the number of passwords to remember, enter the previous value or the value you want.