AWS037

IAM Password policy should prevent password reuse.

Explanation

IAM account password policies should prevent the reuse of passwords.

The account password policy should be set to prevent using any of the last five used passwords.

Insecure Example

The following example will fail the AWS037 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	password_reuse_prevention = 1
	# ...
}

Secure Example

The following example will pass the AWS037 check.

resource "aws_iam_account_password_policy" "strict" {
	# ...
	password_reuse_prevention = 5
	# ...
}