Aqua CSPM

Maximum Password Age

Quick Info

Plugin TitleMaximum Password Age
CloudAWS
CategoryIAM
DescriptionEnsures password policy requires passwords to be reset every 180 days
More InfoA strong password policy enforces minimum length, expirations, reuse, and symbol usage
AWS Linkhttp://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
Recommended ActionDescrease the maximum allowed age of passwords for the password policy

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “Account Settings”.
  4. Under the “Password Policy” configuration panel scroll down and check the “Enable password expiration”. If the “Enable password expiration” checkbox is not ticked then the password won’t reset in any number of days.
  5. If the “Enable password expiration” checkbox is ticked and “Password expiration period (in days)” is set to above 180 days than the allowed age of password might lead to a security threat as the same password will be active for a long period of time.
  6. Click on the “Enable password expiration” checkbox and mention the 180 days under “Password expiration period (in days)” so that the password will be expired after 180days. After 180 days, the password expires and the IAM user must set a new password before accessing the AWS Management Console.
  7. Click on the “Apply Password Policy” button to make the necessary changes.