Skip to content

Latest commit

 

History

History
33 lines (23 loc) · 598 Bytes

AWS038.md

File metadata and controls

33 lines (23 loc) · 598 Bytes

Pattern: IAM Password policy should have expiry less than or equal to 90 days

Issue: -

Description

IAM account password policies should have a maximum age specified.

The account password policy should be set to expire passwords after 90 days or less.

Resolution: import (.

Examples

Example of incorrect code:

resource "aws_iam_account_password_policy" "bad_example" {
	# ...
	# max_password_age not set
	# ...
}

Example of correct code:

resource "aws_iam_account_password_policy" "good_example" {
	# ...
	max_password_age = 90
	# ...
}