| Plugin Title | Maximum Password Age |
| Cloud | AWS |
| Category | IAM |
| Description | Ensures password policy requires passwords to be reset every 180 days |
| More Info | A strong password policy enforces minimum length, expirations, reuse, and symbol usage |
| AWS Link | http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html |
| Recommended Action | Descrease the maximum allowed age of passwords for the password policy |
- Log into the AWS Management Console.
- Select the "Services" option and search for IAM.
- Scroll down the left navigation panel and choose "Account Settings".
- On the Account Settings page, click on the "Change" under the "Password Policy".
- Under the "Password Policy" configuration panel scroll down and check the "Enable password expiration". If the "Enable password expiration" checkbox is not ticked then the password won't reset in any number of days.
- If the "Enable password expiration" checkbox is ticked and "Password expiration period (in days)" is set to above 180 days than the allowed age of password might lead to a security threat as the same password will be active for a long period of time.
- Click on the "Enable password expiration" checkbox and mention the 180 days under "Password expiration period (in days)" so that the password will be expired after 180 days. After 180 days, the password expires and the IAM user must set a new password before accessing the AWS Management Console.
- Click on the "Apply Password Policy" button to make the necessary changes.
