mirror of
https://github.com/inspec/inspec
synced 2024-11-30 16:39:20 +00:00
bd7327b91c
* Spelling and punctuation check Signed-off-by: kagarmoe <kgarmoe@chef.io>
76 lines
2.2 KiB
Text
76 lines
2.2 KiB
Text
---
|
|
title: About the aws_iam_password_policy Resource
|
|
platform: aws
|
|
---
|
|
|
|
# aws\_iam\_password\_policy
|
|
|
|
Use the `aws_iam_password_policy` InSpec audit resource to test properties of the AWS IAM Password Policy.
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
An `aws_iam_password_policy` resource block takes no parameters. Several properties and matchers are available.
|
|
|
|
describe aws_iam_password_policy do
|
|
it { should require_lowercase_characters }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Properties
|
|
|
|
* `max_password_age_in_days`, `minimum_password_length`, `number_of_passwords_to_remember`
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight
|
|
|
|
describe aws_iam_password_policy do
|
|
it { should require_lowercase_characters }
|
|
it { should require_uppercase_characters }
|
|
it { should require_symbols }
|
|
it { should require_numbers }
|
|
its('minimum_password_length') { should be > 8 }
|
|
end
|
|
|
|
### Test that the IAM Password Policy allows users to change their password
|
|
|
|
describe aws_iam_password_policy do
|
|
it { should allow_users_to_change_passwords }
|
|
end
|
|
|
|
### Test that the IAM Password Policy expires passwords
|
|
|
|
describe aws_iam_password_policy do
|
|
it { should expire_passwords }
|
|
end
|
|
|
|
### Test that the IAM Password Policy has a max password age
|
|
|
|
describe aws_iam_password_policy do
|
|
its('max_password_age_in_days') { should be 90 }
|
|
end
|
|
|
|
### Test that the IAM Password Policy prevents password reuse
|
|
|
|
describe aws_iam_password_policy do
|
|
it { should prevent_password_reuse }
|
|
end
|
|
|
|
### Test that the IAM Password Policy requires users to remember 3 previous passwords
|
|
|
|
describe aws_iam_password_policy do
|
|
its('number_of_passwords_to_remember') { should eq 3 }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
* `allows_users_to_change_passwords`, `expire_passwords`, `prevent_password_reuse`, `require_lowercase_characters` , `require_uppercase_characters`, `require_numbers`, `require_symbols`
|