ContextQMD
Back to Devops Exercises

Solution

topics/aws/exercises/password_policy_and_mfa/solution.md

latest1.3 KB
Original Source

AWS IAM - Password Policy & MFA

Note: DON'T perform this exercise unless you understand what you are doing and what is the outcome of applying these changes to your account

Objectives

  1. Create password policy with the following settings:

  2. At least minimum 8 characters

  3. At least one number

  4. Prevent password reuse

  5. Then enable MFA for the account.

Solution

Password Policy:

  1. Go to IAM service in AWS
  2. Click on "Account settings" under "Access management"
  3. Click on "Change password policy"
  4. Check "Enforce minimum password length" and set it to 8 characters
  5. Check "Require at least one number"
  6. Check "Prevent password reuse"
  7. Click on "Save changes"

MFA:

  1. Click on the account name

  2. Click on "My Security Credentials"

  3. Expand "Multi-factor authentication (MFA)" and click on "Activate MFA"

  4. Choose one of the devices

  5. Follow the instructions to set it up and click on "Assign MFA"

  6. Solution using Terraform:

resource "aws_iam_account_password_policy" "strict" {
  minimum_password_length        = 8
  require_numbers                = true
  allow_users_to_change_password = true
  password_reuse_prevention      = 1
}

Note: You cannot add MFA through terraform, you have to do it in the GUI.