Community::IAM::PasswordPolicy

Resource that allows for the creation of an IAM Password Policy (applies to entire account).

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
    "Type" : "Community::IAM::PasswordPolicy",
    "Properties" : {
        "MinimumPasswordLength" : Integer,
        "RequireSymbols" : Boolean,
        "RequireNumbers" : Boolean,
        "RequireUppercaseCharacters" : Boolean,
        "RequireLowercaseCharacters" : Boolean,
        "AllowUsersToChangePassword" : Boolean,
        "MaxPasswordAge" : Integer,
        "PasswordReusePrevention" : Integer,
        "HardExpiry" : Boolean
    }
}

YAML

Type: Community::IAM::PasswordPolicy
Properties:
    MinimumPasswordLength: Integer
    RequireSymbols: Boolean
    RequireNumbers: Boolean
    RequireUppercaseCharacters: Boolean
    RequireLowercaseCharacters: Boolean
    AllowUsersToChangePassword: Boolean
    MaxPasswordAge: Integer
    PasswordReusePrevention: Integer
    HardExpiry: Boolean

Properties

MinimumPasswordLength

The minimum number of characters allowed in an IAM user password. If you do not specify a value for this parameter, then the operation uses the default value of 6.

Required: No

Type: Integer

Update requires: No interruption

RequireSymbols

Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

! @ # $ % ^ & * ( ) _ + - = [ ] { } | '

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.

Required: No

Type: Boolean

Update requires: No interruption

RequireNumbers

Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.

Required: No

Type: Boolean

Update requires: No interruption

RequireUppercaseCharacters

Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.

Required: No

Type: Boolean

Update requires: No interruption

RequireLowercaseCharacters

Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.

Required: No

Type: Boolean

Update requires: No interruption

AllowUsersToChangePassword

Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM Users Change Their Own Passwords in the IAM User Guide. If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.

Required: No

Type: Boolean

Update requires: No interruption

MaxPasswordAge

The number of days that an IAM user password is valid. If you do not specify a value for this parameter, then the IAM user passwords never expire.

Required: No

Type: Integer

Update requires: No interruption

PasswordReusePrevention

Specifies the number of previous passwords that IAM users are prevented from reusing. If you do not specify a value for this parameter, then the IAM users are not prevented from reusing previous passwords.

Required: No

Type: Integer

Update requires: No interruption

HardExpiry

Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password. If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.

Required: No

Type: Boolean

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ResourceId.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

ResourceId

AWS CloudFormation generates a unique identifier for the password policy resource.

ExpirePasswords

Indicates whether passwords in the account expire. Returns true if MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
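
Every property above is optional, so an empty Properties block deploys the documented defaults. The following added example (not part of this project's code) merges a Properties mapping over those defaults, derives ExpirePasswords as described above, and lists settings weaker than a baseline. The function names and the baseline values (14 characters, 24 remembered passwords) are assumptions chosen for illustration.

```python
# Added example (not from the project): audit a Properties mapping for
# Community::IAM::PasswordPolicy against the defaults documented on this page.

# Documented defaults; None means the control is not enforced when omitted.
DEFAULTS = {
    "MinimumPasswordLength": 6,
    "RequireSymbols": False,
    "RequireNumbers": False,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": False,
    "AllowUsersToChangePassword": False,
    "MaxPasswordAge": None,           # passwords never expire
    "PasswordReusePrevention": None,  # reuse is not prevented
    "HardExpiry": False,
}
CHARACTER_CLASSES = ("RequireSymbols", "RequireNumbers",
                     "RequireUppercaseCharacters", "RequireLowercaseCharacters")
# Assumed baseline for illustration only; the resource type defines no such values.
BASELINE_MIN_LENGTH = 14
BASELINE_REUSE_PREVENTION = 24


def effective_policy(properties):
    """Merge declared properties over the documented defaults."""
    unknown = sorted(set(properties) - set(DEFAULTS))
    if unknown:
        raise ValueError(f"unknown properties: {unknown}")
    return {**DEFAULTS, **properties}


def expire_passwords(policy):
    """ExpirePasswords attribute: true only when MaxPasswordAge is greater than 0."""
    return (policy["MaxPasswordAge"] or 0) > 0


def audit(properties):
    """Return findings for settings that are weaker than the assumed baseline."""
    policy = effective_policy(properties)
    findings = []
    if policy["MinimumPasswordLength"] < BASELINE_MIN_LENGTH:
        findings.append(f"MinimumPasswordLength={policy['MinimumPasswordLength']}")
    findings += [f"{name}=false" for name in CHARACTER_CLASSES if not policy[name]]
    if (policy["PasswordReusePrevention"] or 0) < BASELINE_REUSE_PREVENTION:
        findings.append("PasswordReusePrevention below baseline")
    if not policy["AllowUsersToChangePassword"]:
        findings.append("AllowUsersToChangePassword=false")
    if policy["HardExpiry"] and not expire_passwords(policy):
        findings.append("HardExpiry set but passwords never expire")
    return findings
```

Calling audit({}) shows what an empty resource declaration actually enforces; a mapping that sets every property to or above the baseline returns an empty list.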