AWS::IAM::PasswordPolicy #107
Comments
While this is not implemented with a public one, you can use this private resource type.

Installation instructions:

```bash
aws cloudformation register-type \
  --region us-east-1 \
  --type-name "Community::IAM::PasswordPolicy" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-iam-passwordpolicy-0.2.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>
```

Usage example:

```yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  PasswordPolicy:
    Type: Community::IAM::PasswordPolicy
    Properties:
      MinimumPasswordLength: 6
      RequireSymbols: false
      RequireNumbers: true
      RequireUppercaseCharacters: false
      RequireLowercaseCharacters: true
      AllowUsersToChangePassword: true
      MaxPasswordAge: 90
      PasswordReusePrevention: 10
      HardExpiry: false
```
Any update on this?
Any update on this?
Customers that use CloudFormation for creating IAM users would benefit from being able to configure Password Policies through the CFN templates instead of doing it manually in every account. IAM password policy can be deployed via the following methods: Console, CLI, API. Request to create a new resource (AWS::IAM::PasswordPolicy). Creation of new resources is owned by service teams, in this case the IAM team.
2. Scope of request
Allow IAM Password Policy to be set with native CFN versus requiring a lambda + custom resource to call the IAM API directly.
3. Expected behavior
I should be able to set an account's password policy without needing to call the API directly.
5. Helpful Links to speed up research and evaluation
Functionality appears to be missing based on https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html
Ended up using https://github.com/widdix/aws-cf-templates/blob/master/security/account-password-policy.yaml as a resource to create this stack.
6. Category (required) - Will help with tagging and be easier to find by other users to +1
Security
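
The workaround the request refers to, a Lambda-backed custom resource that calls the IAM API, looks like this in Python. This is an added example, not code from the issue or from the linked widdix template; the names `to_iam_params` and `handle` are hypothetical, and it assumes the function's role is allowed `iam:UpdateAccountPasswordPolicy` and `iam:DeleteAccountPasswordPolicy`.

```python
import json
import urllib.request

# Added example: helper names are hypothetical, not from the issue or the linked template.
BOOL_KEYS = {"RequireSymbols", "RequireNumbers", "RequireUppercaseCharacters",
             "RequireLowercaseCharacters", "AllowUsersToChangePassword", "HardExpiry"}
INT_KEYS = {"MinimumPasswordLength", "MaxPasswordAge", "PasswordReusePrevention"}

def to_iam_params(props):
    """CloudFormation hands custom-resource properties over as strings; coerce them
    to the types UpdateAccountPasswordPolicy expects and reject unknown keys."""
    params = {}
    for key, value in props.items():
        if key == "ServiceToken":          # injected by CloudFormation, not an IAM field
            continue
        if key in BOOL_KEYS:
            text = str(value).lower()
            if text not in ("true", "false"):
                raise ValueError(f"{key} must be true or false, got {value!r}")
            params[key] = text == "true"
        elif key in INT_KEYS:
            params[key] = int(value)
        else:
            raise ValueError(f"unsupported property {key}")
    return params

def handle(event, iam):
    """Apply the request with the given IAM client and build the CloudFormation response."""
    response = {"Status": "SUCCESS", "PhysicalResourceId": "account-password-policy",
                "StackId": event["StackId"], "RequestId": event["RequestId"],
                "LogicalResourceId": event["LogicalResourceId"]}
    try:
        if event["RequestType"] == "Delete":
            try:
                iam.delete_account_password_policy()   # account reverts to the IAM default
            except iam.exceptions.NoSuchEntityException:
                pass                                   # policy already absent
        else:                                          # Create and Update both overwrite
            iam.update_account_password_policy(**to_iam_params(event["ResourceProperties"]))
    except Exception as exc:                           # always answer, or the stack waits for timeout
        response.update(Status="FAILED", Reason=str(exc))
    return response

def lambda_handler(event, context):
    import boto3                                       # provided by the Lambda Python runtime
    body = json.dumps(handle(event, boto3.client("iam"))).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})  # presigned S3 URL, empty type
    urllib.request.urlopen(req)
```

The password policy is account-wide, so two stacks that both deploy this resource overwrite each other, and deleting either one removes the policy for the whole account.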