AWS IAM Password Policy Does Not Have An Uppercase Character

This policy identifies AWS accounts in which the IAM password policy does not require an uppercase character. AWS IAM (Identity & Access Management) allows customers to secure AWS console access. As a security best practice, customers must have strong password policies in place.

Policy Details

Policy Subtype
Run, Build
Template Type

Build Rules

AWS IAM password policy does not have an uppercase character.
JSON Query:
$.resource[*].aws_iam_account_password_policy[*].*[*].require_uppercase_characters anyFalse
Recommended solution for making sure passwords have an uppercase character.
It is recommended that the IAM password policy require an uppercase character. Make sure the "require_uppercase_characters" attribute in your template is set to true.
For example:
"aws_iam_account_password_policy": [
  {
    "<am_account_password_policy_name>": [
      {
        "require_uppercase_characters": true
      }
    ]
  }
]

Run Rule Recommendation

  1. Log in to the AWS console and navigate to the 'IAM' service.
  2. On the left navigation panel, click 'Account Settings'.
  3. Check 'Require at least one uppercase letter'.
  4. Click 'Apply password policy'.
Remediation CLI Command:
aws iam update-account-password-policy --minimum-password-length 14 --require-uppercase-characters --require-lowercase-characters --require-numbers --require-symbols --allow-users-to-change-password --password-reuse-prevention 24 --max-password-age 90
CLI Command Description:
This CLI command requires the 'iam:UpdateAccountPasswordPolicy' permission. Successful execution updates the password policy to set the minimum password length to 14, require at least one lowercase letter, uppercase letter, number, and symbol, allow users to change their own password, prevent reuse of the last 24 passwords, and expire passwords after 90 days.
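
To confirm the remediation took effect, the following added example (not part of the original policy page) audits the JSON returned by `aws iam get-account-password-policy` against the values the remediation command sets. The function name, the finding messages, and both sample outputs are constructed for illustration; treating an absent `PasswordReusePrevention` or `MaxPasswordAge` as a finding is this example's choice.

```python
import json

# Baseline taken from the remediation command on this page.
REQUIRED_TRUE = [
    "RequireUppercaseCharacters",  # the setting this policy flags
    "RequireLowercaseCharacters",
    "RequireNumbers",
    "RequireSymbols",
    "AllowUsersToChangePassword",
]
MIN_LENGTH, MIN_REUSE_PREVENTION, MAX_AGE_DAYS = 14, 24, 90

def audit_password_policy(response):
    """Return a list of findings for a get-account-password-policy response."""
    policy = response.get("PasswordPolicy")
    if policy is None:
        return ["no account password policy is set"]
    findings = [f"{key} is not enabled" for key in REQUIRED_TRUE
                if policy.get(key) is not True]
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength is below {MIN_LENGTH}")
    # An absent value is treated as "not configured", so it is a finding.
    if policy.get("PasswordReusePrevention", 0) < MIN_REUSE_PREVENTION:
        findings.append(f"PasswordReusePrevention is below {MIN_REUSE_PREVENTION}")
    age = policy.get("MaxPasswordAge", 0)
    if not 0 < age <= MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge is not between 1 and {MAX_AGE_DAYS} days")
    return findings

# Constructed sample outputs (not captured from a real account).
BEFORE = json.loads("""{"PasswordPolicy": {"MinimumPasswordLength": 8,
  "RequireSymbols": true, "RequireNumbers": true,
  "RequireUppercaseCharacters": false, "RequireLowercaseCharacters": true,
  "AllowUsersToChangePassword": true, "ExpirePasswords": false}}""")
AFTER = json.loads("""{"PasswordPolicy": {"MinimumPasswordLength": 14,
  "RequireSymbols": true, "RequireNumbers": true,
  "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true,
  "AllowUsersToChangePassword": true, "ExpirePasswords": true,
  "MaxPasswordAge": 90, "PasswordReusePrevention": 24}}""")

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_password_policy(sample) or "compliant")
```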


There are 8 standards that are applicable to this policy:
  • CIS v1.2.0 (AWS)
  • HITRUST CSF v9.3
  • GDPR
  • NIST 800-171 Rev1
  • SOC 2
  • CSA CCM v3.0.1
  • NIST 800-53 Rev4
