Excessive max password age

Details

Having a max password age set to too long of a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials.

Benchmarks

CIS AWS Foundations Benchmark v1.2.0

Guidance

Shorten max password age to 90 days or less.

Fixes

Use CLI

Run the following in your terminal:

aws update-account-password-policy --max-password-age 90

Issue

Level

Warning

Detected

Jul 3, 2024

Status

Active

hooli-west-logs

hooli-east-logs

hooli-terraform

hooli-east-db-main

hooli-west-docs

hooli-west-db-main

hooli-west-db-warehouse

hooli-east-db-warehouse

hooli-east-docs

hooli-west-web

hooli-east-web

hooli-west-worker

hooli-east-worker

default_elb_98dacdfe-ee3d-3d9a-bc26-dc67035eeb2a

sg_2

sg_1

subnet-00654de6240e77c5d

elb-1

elb-1

subnet-05ca8c3d3433f01b9

sg_1

sg_2

sg_3

vpc-049f1e8183c92c43b

subnet-005b74680281b290c

subnet-0dae79e86a6ad01b1

subnet-07379bee5d35011bd

default

default_elb_f2aaf53c-0cca-3579-83ca-ea2d1ad606f0

vpc-0ff84d9e06eb88b31

subnet-013cf5230c5af5985

subnet-019b1ff3603480ca7

subnet-02ea5da7fe754a76a

subnet-05690443d5dcdc403

subnet-083ec4646db383daf

default

sg_3

Issue

Excessive max password age

Details

Benchmarks

Guidance

Fixes

Use CLI

Issue

Category

Level

Detected

Status