AWS_IAM_11

Ensure IAM password policy expires passwords within 90 days or less

Description

IAM password policies can require passwords to be rotated or expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.

Remediation

Perform the following to set the password policy as prescribed:

Via AWS Console:

1. Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings)

2. Go to IAM Service on the AWS Console

3. Click on Account Settings on the Left Pane

4. Check Enable password expiration”

5. Set “Password expiration period (in days):” to 90 or less

Via CLI

aws iam update-account-password-policy –max-password-age 90

Note: All commands starting with “aws iam update-account-password-policy” can be
combined into a single command.


References:
1. CCE-78909-9

Service

IAM

Severity

Medium

Compliance

Mapping

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!