Max password age too long

Details

Having a max password age set to too long of a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials.

Benchmarks

CIS AWS Foundations Benchmark v1.2.0

Guidance

Shorten max password age to 90 days or less.

Fixes

Use CLI

Run the following in your terminal: aws update-account-password-policy --max-password-age 90

Issue

Level

Warning

Detected

Aug 15, 2023

Status

Active

hooli-east-docs

hooli-terraform

hooli-east-db-main

hooli-east-db-warehouse

hooli-west-logs

hooli-west-docs

hooli-west-db-main

hooli-west-db-warehouse

hooli-east-logs

hooli-east-web

hooli-west-worker

hooli-east-worker

hooli-west-web

subnet-05ca8c3d3433f01b9

default

default_elb_98dacdfe-ee3d-3d9a-bc26-dc67035eeb2a

subnet-019b1ff3603480ca7

subnet-083ec4646db383daf

default_elb_f2aaf53c-0cca-3579-83ca-ea2d1ad606f0

sg_2

elb-1

vpc-049f1e8183c92c43b

subnet-0dae79e86a6ad01b1

subnet-00654de6240e77c5d

subnet-07379bee5d35011bd

default

sg_3

sg_2

sg_1

vpc-0ff84d9e06eb88b31

subnet-013cf5230c5af5985

sg_1

sg_3

subnet-005b74680281b290c

elb-1

subnet-02ea5da7fe754a76a

subnet-05690443d5dcdc403

Issue

Max password age too long

Details

Benchmarks

Guidance

Fixes

Use CLI

Issue

Category

Level

Detected

Status