turbot/aws_compliance

Trigger: Detect & correct IAM account password policies without password reuse 24

Detects AWS accounts whose IAM account password policy does not enforce a password reuse prevention value of 24, including accounts where no value is set, and updates the policy.

Query

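-- The left join keeps accounts that have no password policy row;
-- for those, password_reuse_prevention is null and the account is still reported.
select
  a.account_id as title,
  a.account_id,
  a.sp_connection_name as conn
from
  aws_account as a
  left join aws_iam_account_password_policy as pol on a.account_id = pol.account_id
where
  pol.password_reuse_prevention < 24
  or pol.password_reuse_prevention is null;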
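
The sketch below is an added example, not the mod's own code. It applies the same predicate as the query to a policy in the shape returned by IAM GetAccountPasswordPolicy and builds the arguments for UpdateAccountPasswordPolicy. That API replaces the whole policy and resets any omitted parameter to its default, so existing settings are carried over. The function names and the sample policy are constructed for illustration.

```python
# Added example: not the mod's own code. The sample policy is constructed.
from typing import Optional

REQUIRED_REUSE_PREVENTION = 24

# Parameters accepted by IAM UpdateAccountPasswordPolicy. ExpirePasswords is
# returned by GetAccountPasswordPolicy but is read-only, so it is not listed.
UPDATABLE_FIELDS = (
    "MinimumPasswordLength",
    "RequireSymbols",
    "RequireNumbers",
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "AllowUsersToChangePassword",
    "MaxPasswordAge",
    "PasswordReusePrevention",
    "HardExpiry",
)

def is_noncompliant(policy: Optional[dict]) -> bool:
    """Same predicate as the query: value below 24, or no value at all."""
    if policy is None:  # account has no password policy
        return True
    reuse = policy.get("PasswordReusePrevention")
    return reuse is None or reuse < REQUIRED_REUSE_PREVENTION

def build_update_args(policy: Optional[dict]) -> dict:
    """Carry over every existing setting, then set reuse prevention to 24."""
    args = {k: v for k, v in (policy or {}).items()
            if k in UPDATABLE_FIELDS and v is not None}
    args["PasswordReusePrevention"] = REQUIRED_REUSE_PREVENTION
    return args

# Constructed sample: strong settings, but reuse prevention of only 5.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 5,
}

if __name__ == "__main__":
    if is_noncompliant(SAMPLE_POLICY):
        print(build_update_args(SAMPLE_POLICY))
```

The returned dictionary matches the keyword arguments of boto3's `update_account_password_policy`, so the minimum length, character requirements and maximum age stay as they were when the reuse value is raised.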

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM