turbot/aws_compliance

Trigger: Detect & correct IAM account password policies without maximum password age of 90 days

Detects IAM account password policies without a maximum password age of 90 days and then updates them to a maximum password age of 90 days.

Query

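-- One row per AWS account; the left join keeps accounts that have no
-- password policy at all, for which max_password_age is null.
select
  a.account_id as title,
  a.account_id,
  a.sp_connection_name as conn
from
  aws_account as a
  left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id
where
  -- Matches ages below 90 days and unset ages; ages above 90 are not matched.
  max_password_age < 90
  or max_password_age is null;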

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM