
Best Practices for AWS IAM Policies: A Complete How-To Guide


There is a well-known saying:

Prevention is better than cure.

In today’s digital world, security incidents can happen at any time. It is therefore our responsibility to apply strong security policies, both for organizations and for individual users.

By default, AWS IAM account policies do not enforce some important security best practices, such as password expiration and password reuse prevention. These settings must be configured manually.

We must enable these policies because password expiration and reuse prevention help protect accounts from past password leaks and reduce the risk of misuse if credentials are compromised.


Before setting up the policy, it is important to understand some basic IAM password best practices that we should follow.

A strong password policy always provides better security for your AWS account.

Basic IAM Password Policies

  • Set a minimum password length
    A longer password is harder to guess and protects against brute-force attacks. Set the minimum password length to at least 12 characters.

  • Require specific character types
    Using uppercase letters, lowercase letters, numbers, and special characters increases password complexity and reduces the risk of password-guessing attacks. Require all character types in every password.

  • Allow IAM users to change their own passwords
    This allows users to update their passwords quickly if they suspect a security issue, without waiting for an administrator. Enable self-service password changes for all IAM users.

  • Require password expiration
    Password expiration limits the lifetime of a compromised password and reduces long-term unauthorized access. Force users to change their passwords every 90 days.

  • Prevent password reuse
    Reusing old passwords increases the risk of account compromise, especially if previous passwords were leaked. Remember and block reuse of at least the last 2 passwords.

These are some of the basic IAM password policies that help as preventive security measures. By applying these policies, we can significantly reduce the risk of unauthorized access to AWS accounts.

Now, let’s move on to the step-by-step guide to configure and enable all of these IAM password policies in AWS.

ℹ️Info

If you are logged in as the AWS root user, no additional permissions are required; you can proceed without any changes.

⚠️Warning

If you are logged in as an IAM user, ensure that the logged-in user has sufficient permissions to update the IAM password policy.

Step-by-Step Guide

  1. Open the IAM Dashboard

    • Log in to your AWS Management Console.

    • In the search bar at the top, type “IAM” and select IAM from the results.

    • You will be redirected to the IAM Dashboard, where you can manage users, groups, roles, and account settings.

  2. Go to Account Settings

    • In the IAM Dashboard, click on “Account settings” from the left-hand menu under Access management.

    • This will open the Account Settings dashboard, where you can configure your IAM password policies and other account-wide security settings.

  3. Edit the password policy

    • Click on “Edit” and select “Custom”.

    • Set the policy values described above and click “Save changes”.

All done! Congratulations🎉🎉, you have set up the basic IAM password policy.
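The same checklist can be applied and verified from code instead of by clicking through the console, which matters once you have more than one account to keep in line. The following Python script is an added example, not code from the original post: it uses the boto3 IAM client methods get_account_password_policy and update_account_password_policy (the caller needs the matching iam:GetAccountPasswordPolicy and iam:UpdateAccountPasswordPolicy permissions), encodes the five recommendations above as DESIRED_POLICY, audits a policy for gaps, and applies the recommended settings. The SAMPLE_WEAK_POLICY dictionary is constructed for the demonstration; running the script for real assumes boto3 is installed and AWS credentials are configured.

```python
"""Audit and apply the IAM account password policy recommended in the guide.

Added example, not part of the original post. Uses the boto3 IAM client API
(get_account_password_policy / update_account_password_policy). The
SAMPLE_WEAK_POLICY below is constructed sample data.
"""

# Target settings, using the parameter names that
# iam.update_account_password_policy() accepts.
DESIRED_POLICY = {
    "MinimumPasswordLength": 12,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "AllowUsersToChangePassword": True,
    "MaxPasswordAge": 90,          # days before a password must be rotated
    "PasswordReusePrevention": 2,  # previous passwords that may not be reused
}

# Constructed sample: the shape of the 'PasswordPolicy' dict returned by
# get_account_password_policy() for an account where only a short minimum
# length and a couple of character classes were ever configured.
SAMPLE_WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": False,
}


def audit_password_policy(policy):
    """Compare a PasswordPolicy dict against DESIRED_POLICY.

    Returns a list of human-readable findings; an empty list means the
    policy meets every recommendation from the guide.
    """
    findings = []
    if policy.get("MinimumPasswordLength", 0) < DESIRED_POLICY["MinimumPasswordLength"]:
        findings.append("minimum password length is below 12 characters")
    for flag in ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                 "RequireNumbers", "RequireSymbols"):
        if not policy.get(flag, False):
            findings.append(f"{flag} is not enforced")
    if not policy.get("AllowUsersToChangePassword", False):
        findings.append("users cannot change their own passwords")
    # When expiration is off, ExpirePasswords is False and MaxPasswordAge
    # is usually absent, so treat both cases as "no expiry".
    max_age = policy.get("MaxPasswordAge", 0) if policy.get("ExpirePasswords") else 0
    if max_age == 0 or max_age > DESIRED_POLICY["MaxPasswordAge"]:
        findings.append("password expiration is missing or longer than 90 days")
    if policy.get("PasswordReusePrevention", 0) < DESIRED_POLICY["PasswordReusePrevention"]:
        findings.append("password reuse prevention remembers fewer than 2 passwords")
    return findings


def fetch_password_policy(iam_client):
    """Read the current policy (needs iam:GetAccountPasswordPolicy).

    An account that has never had a custom policy set raises
    NoSuchEntityException; return {} so the audit reports every gap.
    """
    try:
        return iam_client.get_account_password_policy()["PasswordPolicy"]
    except iam_client.exceptions.NoSuchEntityException:
        return {}


def apply_password_policy(iam_client):
    """Write DESIRED_POLICY to the account (needs iam:UpdateAccountPasswordPolicy)."""
    iam_client.update_account_password_policy(**DESIRED_POLICY)
    return DESIRED_POLICY


if __name__ == "__main__":
    import boto3  # assumption: boto3 installed and credentials configured

    iam = boto3.client("iam")
    gaps = audit_password_policy(fetch_password_policy(iam))
    if gaps:
        print("policy gaps found:", *gaps, sep="\n  ")
        apply_password_policy(iam)
        print("applied the recommended password policy")
    else:
        print("password policy already meets the recommendations")
```

Run it as a script to audit and fix the current account, or import audit_password_policy and run it over policies pulled from every account you manage to find the ones that still need attention.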

Conclusion

Always use the best password policy for better account security🛡️. We should be concerned before something bad happens. Just setting up the system is not a big deal—making the system secure is also an important responsibility of an AWS Solutions Architect.