Pattern: Allowed non-number passwords for AWS IAM policy
Issue: -
IAM account password policies should ensure that passwords content including at least one number.
Resolution: Enforce longer, more complex passwords in the policy.
Example of incorrect code:
resource "aws_iam_account_password_policy" "bad_example" {
# ...
# require_numbers not set
# ...
}Example of correct code:
resource "aws_iam_account_password_policy" "good_example" {
# ...
require_numbers = true
# ...
}