Checks whether the password validity period configured for the password policy of each RAM user meets the specified value. If so, the evaluation result is Compliant.
Scenarios
If the password validity period is configured for the password policy of a RAM user, the RAM user is forced to regularly update the password. This prevents security risks caused by long-term use of the same password.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If the password validity period configured for the password policy of each RAM user meets the specified value, the evaluation result is Compliant. By default, the validity period is up to 90 days.
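The following is an added example, not Cloud Config's own rule code: it shows one way to reproduce this evaluation against the JSON returned by the RAM `GetPasswordPolicy` operation, with `maxPasswordAge` as the rule's input parameter. It assumes that "meets the specified value" means `1 <= MaxPasswordAge <= maxPasswordAge`, and it treats `MaxPasswordAge` of 0 (passwords never expire) as non-compliant; the sample responses and the function names are constructed for illustration.

```python
import json

# Constructed GetPasswordPolicy-style responses (sample data, not real output).
SAMPLES = {
    "rotates_60": '{"PasswordPolicy": {"MaxPasswordAge": 60}}',
    "at_limit_90": '{"PasswordPolicy": {"MaxPasswordAge": 90}}',
    "too_long_365": '{"PasswordPolicy": {"MaxPasswordAge": 365}}',
    "never_expires": '{"PasswordPolicy": {"MaxPasswordAge": 0}}',
    "field_missing": '{"PasswordPolicy": {"MinimumPasswordLength": 12}}',
}


def evaluate(response_json, max_password_age=90):
    """Return (compliance_type, reason) for one account's password policy.

    Assumption: compliant means 1 <= MaxPasswordAge <= max_password_age.
    """
    if (isinstance(max_password_age, bool)
            or not isinstance(max_password_age, int)
            or max_password_age < 1):
        raise ValueError("maxPasswordAge must be a positive integer")

    policy = json.loads(response_json).get("PasswordPolicy") or {}
    age = policy.get("MaxPasswordAge")

    # Reject absent, non-integer or negative values instead of guessing.
    if isinstance(age, bool) or not isinstance(age, int) or age < 0:
        return "NON_COMPLIANT", "MaxPasswordAge is not set or invalid"
    # 0 disables expiry, so it must not pass a plain "<= limit" comparison.
    if age == 0:
        return "NON_COMPLIANT", "passwords never expire"
    if age > max_password_age:
        return "NON_COMPLIANT", f"{age} days exceeds limit of {max_password_age}"
    return "COMPLIANT", f"{age} days is within limit of {max_password_age}"


def evaluate_all(samples, max_password_age=90):
    """Evaluate every named sample and return {name: compliance_type}."""
    return {name: evaluate(body, max_password_age)[0]
            for name, body in samples.items()}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, *evaluate(body))
```

The zero case is the one a naive `MaxPasswordAge <= maxPasswordAge` comparison gets wrong, because a policy with expiry disabled would then be reported as Compliant.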
Rule details
| Parameter | Description |
| --- | --- |
| Rule template name | ram-password-max-age-check |
| Rule template identifier | |
| Automatic remediation | Not supported |
| Trigger type | Periodic: Every 24 hours |
| Supported resource type | ACS::::Account |
| Input parameter | maxPasswordAge (Default value: 90) |
Non-compliance remediation
For more information, see Specify the maximum session duration for a RAM role.