Cloudformation-coverage-roadmap: AWS::IAM::PasswordPolicy

Created on 6 Aug 2019 · 1 Comment · Source: aws-cloudformation/cloudformation-coverage-roadmap

2. Scope of request

Allow IAM Password Policy to be set with native CFN versus requiring a lambda + custom resource to call the IAM API directly.

3. Expected behavior

I should be able to set an account's password policy without needing to call the API directly.

5. Helpful Links to speed up research and evaluation

Functionality appears to be missing based on https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html

Ended up using https://github.com/widdix/aws-cf-templates/blob/master/security/account-password-policy.yaml as a resource to create this stack.

6. Category (required) - Will help with tagging and be easier to find by other users to +1

Security

security identity compliance

Most helpful comment

While this is not implemented with a public one, you can use this private resource type Community::IAM::PasswordPolicy.

Installation instructions:

aws cloudformation register-type \
  --region us-east-1 \
  --type-name "Community::IAM::PasswordPolicy" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-iam-passwordpolicy-0.2.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

Usage example:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  PasswordPolicy:
    Type: Community::IAM::PasswordPolicy
    Properties:
      MinimumPasswordLength: 6
      RequireSymbols: false
      RequireNumbers: true
      RequireUppercaseCharacters: false
      RequireLowercaseCharacters: true
      AllowUsersToChangePassword: true
      MaxPasswordAge: 90
      PasswordReusePrevention: 10
      HardExpiry: false
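
A check to run on the template before deploying and on the account afterwards, added here as an example; it is not part of the original comment or of the resource provider's code. It lints the `Properties` from the usage example against a baseline and diffs them against the live account policy. The baseline values and the `LIVE_POLICY` sample are assumptions constructed for illustration.

```python
"""Lint a PasswordPolicy resource's Properties and diff them against the live account policy."""

# Assumed baseline for illustration only; substitute your organization's standard.
BASELINE_MIN = {"MinimumPasswordLength": 14, "PasswordReusePrevention": 24}
BASELINE_TRUE = ("RequireSymbols", "RequireNumbers",
                 "RequireUppercaseCharacters", "RequireLowercaseCharacters")
BASELINE_MAX_AGE = 90  # days

# Properties copied from the usage example in the comment above.
TEMPLATE_PROPS = {
    "MinimumPasswordLength": 6, "RequireSymbols": False, "RequireNumbers": True,
    "RequireUppercaseCharacters": False, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "MaxPasswordAge": 90,
    "PasswordReusePrevention": 10, "HardExpiry": False,
}

# Constructed sample of what boto3's iam.get_account_password_policy()["PasswordPolicy"]
# could return after someone edited the policy outside the stack.
LIVE_POLICY = dict(TEMPLATE_PROPS, MinimumPasswordLength=8, ExpirePasswords=True)
del LIVE_POLICY["PasswordReusePrevention"]  # IAM omits optional fields that are unset


def lint(props):
    """Return a sorted list of properties that fall short of the baseline."""
    findings = []
    for key, floor in BASELINE_MIN.items():
        value = props.get(key, 0)  # absent means not enforced
        if value < floor:
            findings.append(f"{key}: {value} < {floor}")
    for key in BASELINE_TRUE:
        if not props.get(key, False):
            findings.append(f"{key}: not required")
    age = props.get("MaxPasswordAge", 0)  # 0 or absent means passwords never expire
    if age == 0 or age > BASELINE_MAX_AGE:
        findings.append(f"MaxPasswordAge: {age}, want 1-{BASELINE_MAX_AGE}")
    return sorted(findings)


def drift(props, live):
    """Map each template property to (template, live) where the account differs."""
    return {k: (v, live.get(k)) for k, v in props.items() if live.get(k) != v}


if __name__ == "__main__":
    for finding in lint(TEMPLATE_PROPS):
        print("WEAK ", finding)
    for key, (want, have) in drift(TEMPLATE_PROPS, LIVE_POLICY).items():
        print(f"DRIFT {key}: template={want} live={have}")
```

The account password policy is a single per-account setting, so a drift check like this catches changes made outside the stack.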
