IAM password policy should require user passwords to expire within 90 days

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

IAM password policies enforce rules for user passwords in AWS. One of these rules is defining the password expiration timeframe. Requiring user passwords to expire within 90 days is a best practice to enhance security. This policy reduces the risk of compromised accounts due to prolonged use of the same password, ensuring periodic updates that safeguard against potential threats.

Remediation

From the console

See the Setting an AWS IAM Password Policy doc for console remediation steps to enforce a 90-day expiration policy.