Having a max password age set to too long of a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials.
Shorten max password age to 90 days or less.
aws update-account-password-policy --max-password-age 90