resource "aws_iam_account_password_policy" "cis" {
  # 1.5
  require_uppercase_characters = true

  # 1.6
  require_lowercase_characters = true

  # 1.7
  require_symbols = true

  # 1.8
  require_numbers = true

  # 1.9
  minimum_password_length = 14

  # 1.10
  password_reuse_prevention = 24

  # 1.11
  max_password_age = 90

  allow_users_to_change_password = true

  hard_expiry = true
}