2回答
- 新しい順
- 投票が多い順
- コメントが多い順
3
No I am afraid not. Each account has its own IAM password policy.
You need to configure the policy in every account. If using IaC, you can define the password policy on account creation etc or take ownership of the password policy via IaC and define it.
1
Hello,
I'd also add to the above the following considerations:
- After deploying the password policy, consider implementing an SCP to prevent member accounts from modifying their IAM password policies
- For enhanced security, consider using AWS Single Sign-On (SSO) instead of IAM users for account access
- You could also use AWS Config Rules with SSM auto-remediation documents to ensure ongoing compliance with the password policy
You can check this lab on updating the password policy for all IAM users across all AWS accounts: https://github.com/aws-samples/devlab-iam-password-policy
Thank you very much Gary Mclean