Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.LOG.25
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

IamUser should have passwordNextRotation &lt;= 30

REMEDIATION

From Portal

Navigate to your AWS Identity and Access Management (IAM) dashboard.\
Within the navigation panel, select 'Credential Report'\
Click the 'Download Report' option to access a comprehensive list of all your AWS account users along with the status of their various credentials.\
Open the downloaded file\
Examine the 'password_next_rotation' column value for each listed AWS IAM user.\
Verify if the 'password_next_rotation' value indicates a timeframe of fewer than 30 days, ensuring
that password rotations are scheduled within the recommended security threshold.

From Command Line

To Retrieve the IAM Credential Report:

aws iam get-credential-report

To Decode and Save the Report as a CSV File:

echo -n 'YOUR_CONTENT'| base64 -d >> aws-iam-credentials-report.csv

To Set a Valid Password Policy:

aws iam update-account-password-policy --allow-users-to-change-password --max-password-age 30

References

IAM User

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

Compliance Frameworks

CloudGuard AWS All Rules Ruleset