aws_iam_password_policy resource
Use the aws_iam_password_policy InSpec audit resource to test properties of an AWS IAM Password Policy.
Syntax
An aws_iam_password_policy resource block declares the tests for an AWS IAM Password Policy.
describe aws_iam_password_policy do
  it { should exist }
end
Parameters
This resource does not expect any parameters.
See also the AWS documentation on Auto Scaling Group.
Properties
| Property | Description | 
|---|---|
| minimum_password_length | The minimum character count of the password policy. | 
| max_password_age_in_days | Integer representing in days how long a password may last before expiring. | 
| number_of_passwords_to_remember | Number of previous passwords to remember. | 
Examples
Test that a Password Policy meets your company’s requirements.
describe aws_iam_password_policy do
  it                             { should require_uppercase_characters }
  it                             { should require_lowercase_characters }
  it                             { should require_numbers }
  its('minimum_password_length') { should be > 8 }
end
Test that users can change their own passwords.
describe aws_iam_password_policy do
  it { should allow_users_to_change_password }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
it { should exist }
prevent_password_reuse
it { should prevent_password_reuse }
expire_passwords
it { should expire_passwords }
require_numbers
it { should require_numbers }
require_symbols
it { should require_symbols }
require_lowercase_characters
it { should require_lowercase_characters }
require_uppercase_characters
it { should require_uppercase_characters }
allow_users_to_change_passwords
it { should allow_users_to_change_password }
All matchers can use the inverse should_not predicate.
AWS Permissions
Your Principal needs the following permission action set to Allow: iam:GetAccountPasswordPolicy
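The same requirements can be checked offline against saved output of `aws iam get-account-password-policy`, which relies on the same `iam:GetAccountPasswordPolicy` permission. This is an added example in plain Ruby, not InSpec code and not part of the original documentation. Assumptions: the function name `audit_password_policy`, the age and reuse thresholds, the sample JSON, and the mapping of the page's properties to the API fields `MinimumPasswordLength`, `MaxPasswordAge` and `PasswordReusePrevention`.

```ruby
require 'json'

# Thresholds: the length rule is the page's example (> 8); the age and
# reuse values are assumed for illustration, not taken from the page.
REQUIREMENTS = { min_length_over: 8, max_age_days: 90, remember_at_least: 5 }.freeze

# Returns a list of findings; an empty list means the policy passes.
# `raw` is the JSON printed by `aws iam get-account-password-policy`,
# or nil/empty when the call failed because no policy is set.
def audit_password_policy(raw, req = REQUIREMENTS)
  return ['no account password policy is set'] if raw.nil? || raw.strip.empty?

  policy = JSON.parse(raw).fetch('PasswordPolicy')
  findings = []

  # Character-class rules from the page's first example.
  %w[RequireUppercaseCharacters RequireLowercaseCharacters RequireNumbers].each do |flag|
    findings << "#{flag} is not enabled" unless policy[flag] == true
  end

  length = policy.fetch('MinimumPasswordLength', 0)
  findings << "MinimumPasswordLength is #{length}, want > #{req[:min_length_over]}" unless length > req[:min_length_over]

  # Expiry: treat a missing or zero MaxPasswordAge as "never expires".
  age = policy['MaxPasswordAge'].to_i
  if policy['ExpirePasswords'] != true || age.zero?
    findings << 'passwords never expire'
  elsif age > req[:max_age_days]
    findings << "MaxPasswordAge is #{age}, want <= #{req[:max_age_days]}"
  end

  # Reuse: treat a missing or zero PasswordReusePrevention as "not remembered".
  remembered = policy['PasswordReusePrevention'].to_i
  if remembered < req[:remember_at_least]
    findings << "PasswordReusePrevention is #{remembered}, want >= #{req[:remember_at_least]}"
  end
  findings
end

# Constructed sample response: short minimum length, no expiry, no reuse rule.
SAMPLE_WEAK = <<~JSON
  {"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": false,
    "RequireNumbers": true, "RequireUppercaseCharacters": true,
    "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
    "ExpirePasswords": false}}
JSON

puts audit_password_policy(SAMPLE_WEAK)
```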
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
 https://docs.chef.io/inspec/resources/aws_iam_password_policy/