Terraform module to manage AWS account password policy
At the moment, testing is manual:
Note: This test should be run in an account that doesn't already have an existing AccessAnalyzer.
```bash
# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx
make terraform/pytest PYTEST_ARGS="-v --nomock"
```

Name | Version |
---|---|
terraform | >= 0.12 |

Name | Version |
---|---|
aws | n/a |

Name | Type |
---|---|

Name | Description | Type | Default | Required |
---|---|---|---|---|
account_alias | Name of the IAM account alias | string | "" | no |
allow_users_to_change_password | Whether to allow users to change their own password | bool | true | no |
analyzer_name | Name of the Analyzer. | string | "AccountAnalyzer" | no |
analyzer_type | Type of Analyzer. Valid value is currently only ACCOUNT. Defaults to ACCOUNT. | string | "ACCOUNT" | no |
create_accessanalyzer | Controls whether to configure the IAM Access Analyzer | bool | true | no |
hard_expiry | Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset) | bool | false | no |
max_password_age | The number of days that a user password is valid | string | "90" | no |
minimum_password_length | Minimum length to require for user passwords | string | "14" | no |
password_reuse_prevention | The number of previous passwords that users are prevented from reusing | string | "24" | no |
require_lowercase_characters | Whether to require lowercase characters for user passwords | bool | true | no |
require_numbers | Whether to require numbers for user passwords | bool | true | no |
require_symbols | Whether to require symbols for user passwords | bool | true | no |
require_uppercase_characters | Whether to require uppercase characters for user passwords | bool | true | no |
tags | A map of tags to add to the module resources | map(any) | {} | no |

No outputs.
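
An added example, not part of this module's code: an offline drift check that compares an account's password policy, as returned by IAM, against the defaults in the inputs table. The one-to-one mapping from input names to IAM response fields is an assumption (the page does not list the module's resources), and `MODULE_INPUTS`, `policy_drift` and the sample policy are hypothetical names and constructed data.

```python
# input name: (field in the IAM GetAccountPasswordPolicy response, module default).
# Defaults are copied from the inputs table; the field mapping is an assumption.
MODULE_INPUTS = {
    "allow_users_to_change_password": ("AllowUsersToChangePassword", True),
    "hard_expiry": ("HardExpiry", False),
    "max_password_age": ("MaxPasswordAge", "90"),
    "minimum_password_length": ("MinimumPasswordLength", "14"),
    "password_reuse_prevention": ("PasswordReusePrevention", "24"),
    "require_lowercase_characters": ("RequireLowercaseCharacters", True),
    "require_numbers": ("RequireNumbers", True),
    "require_symbols": ("RequireSymbols", True),
    "require_uppercase_characters": ("RequireUppercaseCharacters", True),
}

def _normalize(value):
    """Treat "14" and 14 as equal; leave booleans and None untouched."""
    if isinstance(value, bool) or value is None:
        return value
    return int(value)

def policy_drift(live_policy, overrides=None):
    """Return {input_name: (expected, actual)}; a field missing from live_policy has actual None."""
    drift = {}
    for name, (field, default) in MODULE_INPUTS.items():
        want = (overrides or {}).get(name, default)  # caller's value wins over the default
        have = live_policy.get(field)
        if _normalize(have) != _normalize(want):
            drift[name] = (want, have)
    return drift

# Constructed sample shaped like iam.get_account_password_policy()["PasswordPolicy"].
SAMPLE_LIVE_POLICY = {
    "MinimumPasswordLength": 8, "MaxPasswordAge": 90, "HardExpiry": False,
    "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True,
}  # PasswordReusePrevention deliberately absent

if __name__ == "__main__":
    for name, (want, have) in policy_drift(SAMPLE_LIVE_POLICY).items():
        print(f"{name}: expected {want!r}, found {have!r}")
```

Pass the values you set on the module as `overrides` so the check reflects your configuration rather than the defaults.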