Minimum password length policies non-enforcement can increase the likelihood of AWS account to be exploited using Brute force attack, Dictionary or password spray.
Password policy for AWS accounts can be created and managed in the AWS IAM Console.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile