AWS Password Policy With Unchangeable Passwords
- Query id: 9ef7d25d-9764-4224-9968-fa321c56ef76
- Query name: AWS Password Policy With Unchangeable Passwords
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
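Description
The AWS IAM account password policy makes passwords unchangeable: allow_users_to_change_password is set to false, so IAM users cannot change their own passwords.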
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_sqs_queue" "positive1" {
  name = "examplequeue"
}
// comment
resource "aws_iam_account_password_policy" "positive2" {
  minimum_password_length        = 8
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  // Flagged: IAM users cannot change their own passwords
  allow_users_to_change_password = false
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_sqs_queue" "negative1" {
  name = "examplequeue"
}
// comment
resource "aws_iam_account_password_policy" "negative2" {
  minimum_password_length        = 10
  require_lowercase_characters   = true
  require_numbers                = true
  require_uppercase_characters   = true
  require_symbols                = true
  // Not flagged: IAM users can change their own passwords
  allow_users_to_change_password = true
}
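A CI-side check for the same condition, written against the JSON that `terraform show -json` prints for a saved plan. This is an added example, not code from this page or from the query it documents; the function names are hypothetical and the sample plan is constructed and trimmed to the fields the check reads.

```python
RESOURCE_TYPE = "aws_iam_account_password_policy"
ATTRIBUTE = "allow_users_to_change_password"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_unchangeable_password_policies(plan):
    """Return addresses of password policies planned with the attribute false."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for resource in iter_resources(root):
        if resource.get("type") != RESOURCE_TYPE:
            continue
        # Report only an explicit false; a missing value is not a finding.
        if (resource.get("values") or {}).get(ATTRIBUTE) is False:
            findings.append(resource["address"])
    return findings


# Constructed sample plan (hypothetical module name), not real output.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "aws_sqs_queue.positive1", "type": "aws_sqs_queue",
                 "values": {"name": "examplequeue"}},
                {"address": "aws_iam_account_password_policy.positive2",
                 "type": RESOURCE_TYPE,
                 "values": {"minimum_password_length": 8, ATTRIBUTE: False}},
            ],
            "child_modules": [{
                "address": "module.compliant",
                "resources": [
                    {"address": "module.compliant.aws_iam_account_password_policy.negative2",
                     "type": RESOURCE_TYPE,
                     "values": {"minimum_password_length": 10, ATTRIBUTE: True}},
                ],
            }],
        }
    }
}

if __name__ == "__main__":
    for address in find_unchangeable_password_policies(SAMPLE_PLAN):
        print(f"{address}: {ATTRIBUTE} = false")
```

Checking the plan rather than the .tf source means values supplied through variables or modules are evaluated after Terraform has resolved them.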