Ensure IAM password policy expires passwords within 90 days or less

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Risk Level: Low
Cloud Entity: AWS Identity and Access Management (IAM)
CloudGuard Rule ID: D9.TF.AWS.IAM.09
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

aws_iam_account_password_policy should have max_password_age > 89

REMEDIATION

  1. Run aws iam update-account-password-policy --max-password-age 90

AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

Compliance Frameworks

  • Terraform AWS CIS Foundations