AWS::IAM::PasswordPolicy #107

Open
amayausky opened this issue Aug 6, 2019 · 4 comments
Labels: enhancement (New feature or request); security identity compliance (IAM, Cognito, Secrets Manager, GuardDuty, etc.)

Comments

@amayausky

2. Scope of request

Allow IAM Password Policy to be set with native CFN versus requiring a lambda + custom resource to call the IAM API directly.

3. Expected behavior

I should be able to set an account's password policy without needing to call the API directly.

5. Helpful Links to speed up research and evaluation

Functionality appears to be missing based on https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html

Ended up using https://github.com/widdix/aws-cf-templates/blob/master/security/account-password-policy.yaml as a resource to create this stack.

6. Category (required) - Will help with tagging and be easier to find by other users to +1

Security
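The Lambda-backed custom resource workaround this issue refers to, shown as an added example (not code from this thread, the linked widdix template, or AWS). The property names are the IAM `UpdateAccountPasswordPolicy` parameters; the fixed `PhysicalResourceId` value and the injectable `iam` and `respond` arguments are assumptions made so the handler can be exercised offline.

```python
import json
import urllib.request

# Property names are the IAM UpdateAccountPasswordPolicy API parameters.
INT_PROPS = {"MinimumPasswordLength", "MaxPasswordAge", "PasswordReusePrevention"}
BOOL_PROPS = {"RequireSymbols", "RequireNumbers", "RequireUppercaseCharacters",
              "RequireLowercaseCharacters", "AllowUsersToChangePassword", "HardExpiry"}

def coerce_properties(props):
    """CloudFormation passes custom resource properties as strings; IAM wants int/bool."""
    out = {}
    for name, value in props.items():
        if name == "ServiceToken":  # added by CloudFormation, not a policy setting
            continue
        if name in INT_PROPS:
            out[name] = int(value)
        elif name in BOOL_PROPS:
            if str(value).lower() not in ("true", "false"):
                raise ValueError(f"{name} must be true or false, got {value!r}")
            out[name] = str(value).lower() == "true"
        else:
            raise ValueError(f"unsupported property: {name}")
    return out

def send_response(event, status, reason=""):
    """PUT the result to the pre-signed URL CloudFormation supplies in the event."""
    body = json.dumps({
        "Status": status, "Reason": reason,
        "PhysicalResourceId": "account-password-policy",  # assumed fixed id
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)

def handler(event, context, iam=None, respond=send_response):
    try:
        if iam is None:
            import boto3  # available in the Lambda Python runtime
            iam = boto3.client("iam")
        if event["RequestType"] == "Delete":
            iam.delete_account_password_policy()
        else:  # Create and Update both overwrite the single account-wide policy
            iam.update_account_password_policy(**coerce_properties(event["ResourceProperties"]))
        respond(event, "SUCCESS")
    except Exception as exc:  # always answer, or the stack waits until it times out
        respond(event, "FAILED", str(exc))
```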

@eduardomourar

eduardomourar commented Feb 23, 2020

While this is not implemented with a public one, you can use this private resource type Community::IAM::PasswordPolicy.

Installation instructions:

aws cloudformation register-type \
  --region us-east-1 \
  --type-name "Community::IAM::PasswordPolicy" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-iam-passwordpolicy-0.2.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

Usage example:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  PasswordPolicy:
    Type: Community::IAM::PasswordPolicy
    Properties:
      MinimumPasswordLength: 6
      RequireSymbols: false
      RequireNumbers: true
      RequireUppercaseCharacters: false
      RequireLowercaseCharacters: true
      AllowUsersToChangePassword: true
      MaxPasswordAge: 90
      PasswordReusePrevention: 10
      HardExpiry: false

@WaelA added the enhancement (New feature or request) label Aug 5, 2021
@kylekluever

Any update on this?

@kylekluever

Any update on this?

@suresan

suresan commented Nov 17, 2023

Customers that use CloudFormation for creating IAM users would benefit from being able to configure Password Policies through the CFN templates instead of doing it manually in every account. IAM password policy can be deployed via the following methods – Console, CLI, API.

Request to create a new resource (AWS::IAM::PasswordPolicy). Creation of new resources is owned by service teams, in this case the IAM team.
