devops-exercises/topics/aws/exercises/password_policy_and_mfa/solution.md

47 lines
1.3 KiB
Markdown
Raw Normal View History

2021-11-09 22:09:46 +01:00
## AWS IAM - Password Policy & MFA
Note: DON'T perform this exercise unless you understand what you are doing and what is the outcome of applying these changes to your account
### Objectives
1. Create password policy with the following settings:
1. At least minimum 8 characters
2. At least one number
3. Prevent password reuse
2. Then enable MFA for the account.
### Solution
Password Policy:
1. Go to IAM service in AWS
2. Click on "Account settings" under "Access management"
3. Click on "Change password policy"
1. Check "Enforce minimum password length" and set it to 8 characters
1. Check "Require at least one number"
1. Check "Prevent password reuse"
4. Click on "Save changes"
MFA:
1. Click on the account name
2. Click on "My Security Credentials"
3. Expand "Multi-factor authentication (MFA)" and click on "Activate MFA"
4. Choose one of the devices
5. Follow the instructions to set it up and click on "Assign MFA"
6. ### Solution using Terraform:
```
resource "aws_iam_account_password_policy" "strict" {
minimum_password_length = 8
require_numbers = true
allow_users_to_change_password = true
password_reuse_prevention = 1
}
```
**Note:** You cannot add MFA through terraform, you have to do it in the GUI.