AWS-IAM-Users-Password-Last-Used

Severity : Medium

Description : Having numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should be deleted.

Remediation Steps : Delete old user accounts that allow password-based logins and have not been used recently.

Blue Hexagon Proprietary