If there is no minimum length policy set for passwords, it will leave account vulnerable to brute force attempts.
Password policy for AWS accounts can be created and managed in the AWS IAM Console.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy