IAM Password policy should have expiry less than or equal to 90 days.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The IAM password policy does not enforce password expiry within 90 days, allowing users to keep the same password for extended periods. This increases the risk window for compromised credentials.
Impact
If passwords remain valid for too long, attackers who obtain a user’s password have a prolonged opportunity to access sensitive AWS resources. This can lead to unauthorized access, data breaches, or further compromise of cloud infrastructure.
Resolution
Limit the password duration by setting an expiry of 90 days or less in the IAM password policy.
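The check described above can be expressed as a small function over the account password policy. This is an added example, not the rule's own implementation: it assumes the policy is the `PasswordPolicy` dictionary returned by boto3's `get_account_password_policy()`, and `check_password_expiry`, `evaluate_all` and the sample policies are hypothetical names and constructed data.

```python
MAX_ALLOWED_AGE_DAYS = 90  # threshold stated by this rule


def check_password_expiry(policy):
    """Return (compliant, reason) for an IAM account password policy.

    `policy` is the PasswordPolicy dict from GetAccountPasswordPolicy,
    or None when the account has no policy at all (NoSuchEntity).
    """
    if policy is None:
        return False, "no account password policy is set"
    # An absent or zero MaxPasswordAge means passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(age, bool) or not isinstance(age, int):
        return False, f"MaxPasswordAge is not an integer: {age!r}"
    if age <= 0:
        return False, "passwords never expire (MaxPasswordAge unset or 0)"
    if age > MAX_ALLOWED_AGE_DAYS:
        return False, f"MaxPasswordAge is {age} days, above {MAX_ALLOWED_AGE_DAYS}"
    return True, f"MaxPasswordAge is {age} days"


# Constructed sample policies (not taken from any real account).
SAMPLES = {
    "no-policy": None,
    "no-expiry": {"MinimumPasswordLength": 14, "ExpirePasswords": False},
    "too-long": {"ExpirePasswords": True, "MaxPasswordAge": 180},
    "boundary": {"ExpirePasswords": True, "MaxPasswordAge": 90},
    "short": {"ExpirePasswords": True, "MaxPasswordAge": 60},
}


def evaluate_all(samples):
    """Map each sample name to its (compliant, reason) result."""
    return {name: check_password_expiry(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in evaluate_all(SAMPLES).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

When remediating with the `UpdateAccountPasswordPolicy` API, pass every setting you want to keep along with the new maximum age: the operation does not support partial updates, and omitted parameters revert to their defaults.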