Query: Ensure IAM password policy expires passwords within 90 days or less

Description

IAM password policies can require passwords to be rotated or expired after a given number of days. Security Hub recommends that the password policy expire passwords after 90 days or less. Reducing the password lifetime increases account resiliency against brute force login attempts.

Query

Tables used in this query:

• aws_account
• aws_iam_account_password_policy

Controls using this query:

• 1.11 Ensure IAM password policy expires passwords within 90 days or less
• Ensure IAM password policy expires passwords within 90 days or less

SQL