AWS-IAM-Password-Expiration

Severity: High

Description: This control ensures that the “Password expiration period (in days)” option is set to 90 or less in the account password policy. It is recommended that the password policy expire passwords after 90 days or less.

Remediation Steps:

Perform the following steps to update the IAM password policy for IAM users:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the IAM console.

  3. In the left pane, click on Account Settings.

  4. Click on Update Password Policy.

  5. Check Enable password expiration.

  6. Set Password expiration period (in days) to 90 or less.

  7. Click Apply password policy.
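
The same check and fix can be scripted. The following is an added example, not part of the original control text: it evaluates a policy in the shape returned by the IAM GetAccountPasswordPolicy API and builds the arguments for UpdateAccountPasswordPolicy. The function names, the sample policy and the use of boto3 with working IAM credentials are assumptions.

```python
"""Check an IAM account password policy against the 90-day expiration control."""

MAX_AGE_DAYS = 90  # threshold stated by this control

# Parameters accepted by IAM UpdateAccountPasswordPolicy. ExpirePasswords is
# read-only: IAM derives it from MaxPasswordAge > 0.
UPDATE_KEYS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)


def is_compliant(policy):
    """policy: the PasswordPolicy dict from GetAccountPasswordPolicy, or None
    when the account has no password policy at all."""
    if not policy:
        return False
    age = policy.get("MaxPasswordAge", 0)  # absent or 0 means never expires
    return 0 < age <= MAX_AGE_DAYS


def remediation_params(policy):
    """Build UpdateAccountPasswordPolicy arguments that fix expiration only.
    The API does not do partial updates: any parameter left out reverts to its
    default, so the existing settings are carried over."""
    params = {k: v for k, v in (policy or {}).items() if k in UPDATE_KEYS}
    if not is_compliant(policy):
        params["MaxPasswordAge"] = MAX_AGE_DAYS
    return params


def remediate_account():
    """Live run; needs boto3 and IAM credentials (assumed, not from the page)."""
    import boto3
    iam = boto3.client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # no policy set on the account
    if not is_compliant(policy):
        iam.update_account_password_policy(**remediation_params(policy))


# Constructed sample: a policy whose passwords never expire.
SAMPLE = {"MinimumPasswordLength": 14, "RequireSymbols": True,
          "ExpirePasswords": False, "PasswordReusePrevention": 24}
```

Calling remediate_account() changes the live account policy; is_compliant() and remediation_params() work on plain dictionaries and can be run offline against exported policy data.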

Important:

Reference:

Blue Hexagon Proprietary