IAM password policies should expire passwords within 90 days
Description
IAM password policies can require passwords to be rotated or expired after a given number of days. Reducing the password lifetime increases account resiliency against brute force login attempts.
Console Remediation Steps
Navigate to IAM.
In the left navigation, select Account settings.
Check the Enable password expiration checkbox.
In the Password expiration period (days) field, enter 90 days or less.
Click the Apply password policy button.
CLI Remediation Steps
Set the IAM password policy to expire passwords within 90 days.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.
aws iam update-account-password-policy <other password options> --max-password-age 90
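Because the update replaces the whole policy, the other password options have to be read from the account before the age is changed. The following is an added example, not part of the original page: it uses boto3 to fetch the current policy and re-submit every setting together with the 90-day cap. The names build_update and remediate and the sample policy are made up for this illustration.

```python
# Added example: keep the existing IAM password policy and cap MaxPasswordAge.
MAX_AGE_DAYS = 90

# Parameters accepted by UpdateAccountPasswordPolicy. ExpirePasswords is
# returned by GetAccountPasswordPolicy but is read-only, so it is not listed.
UPDATABLE = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)

def build_update(current, max_age=MAX_AGE_DAYS):
    """Return kwargs for update_account_password_policy that keep every
    setting found in `current` and enforce expiry within `max_age` days."""
    params = {k: current[k] for k in UPDATABLE if k in current}
    age = params.get("MaxPasswordAge", 0)   # 0 or absent means "never expires"
    if age == 0 or age > max_age:
        params["MaxPasswordAge"] = max_age  # a stricter existing value is kept
    return params

def remediate(iam):
    """Read the live policy, then write it back with the capped age."""
    try:
        current = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        current = {}  # no custom policy yet: only MaxPasswordAge gets set
    params = build_update(current)
    iam.update_account_password_policy(**params)
    return params

# Constructed sample of the "PasswordPolicy" body from GetAccountPasswordPolicy.
SAMPLE = {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": False,
    "PasswordReusePrevention": 24,
}

if __name__ == "__main__":
    import boto3  # needs credentials allowed to call both IAM operations
    print(remediate(boto3.client("iam")))
```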