The password policy that you should apply depends on the level of security that you want to apply to your IAM users passwords. I would suggest something like the following, but it will depend on your use case:
Setting up a password policy for IAM users
Get Effective DevOps with AWS - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.