CloudSploit

AWS / IAM / Password Expiration

Quick Info

Plugin Title: Password Expiration
Cloud: AWS
Category: IAM
Description: Ensures password policy enforces a password expiration
More Info: A strong password policy enforces minimum length, expirations, reuse, and symbol usage
AWS Link: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
Recommended Action: Enable password expiration for the account

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the "Services" option and search for IAM.
  3. Scroll down the left navigation panel and choose "Account Settings" under "Access management".
  4. Under the "Password Policy" configuration panel, scroll down and click the "Change password policy" button.
  5. On the "Set password policy" page, scroll down to the "Enable password expiration" checkbox. If this checkbox is not ticked, passwords never expire.
  6. Tick the "Enable password expiration" checkbox and enter the number of days under "Expire passwords in (days)" so that passwords expire after the specified period. For better security, define the number of days to at least more than 90. Also select "Allow users to change their own password".
  7. Click on the "Save changes" button to make the necessary changes.
  8. The "Password Policy" now enforces password expiration for all IAM users.
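
To confirm the result of the steps above without the console, the check can be run against the IAM `GetAccountPasswordPolicy` response. The following is an added example, not CloudSploit's plugin code: the function name, the status labels and the sample responses are assumptions made for illustration.

```javascript
// Added example. Status names (PASS/WARN/FAIL/UNKNOWN) are this example's own.
function checkPasswordExpiration(err, data) {
  const code = err && (err.code || err.name); // SDK v2 sets code, v3 sets name
  // IAM answers NoSuchEntity when the account never set a password policy.
  if (code === 'NoSuchEntity') {
    return { status: 'FAIL', message: 'Account has no password policy' };
  }
  const policy = data && data.PasswordPolicy;
  if (err || !policy) {
    return { status: 'UNKNOWN', message: 'Unable to read the password policy' };
  }
  // With expiration disabled, ExpirePasswords is false and MaxPasswordAge is absent.
  if (!policy.ExpirePasswords || !policy.MaxPasswordAge) {
    return { status: 'FAIL', message: 'Password expiration is not enabled' };
  }
  const notes = [];
  if (!policy.AllowUsersToChangePassword) {
    notes.push('users cannot change their own password');
  }
  if (policy.HardExpiry) {
    notes.push('expired passwords need an administrator reset');
  }
  const message = `Passwords expire after ${policy.MaxPasswordAge} days` +
    (notes.length ? ` (${notes.join('; ')})` : '');
  return { status: notes.length ? 'WARN' : 'PASS', message };
}

// Constructed sample responses, not output from a real account.
const samples = {
  noPolicy: [{ code: 'NoSuchEntity' }, null],
  expiryOff: [null, { PasswordPolicy: { MinimumPasswordLength: 14, ExpirePasswords: false } }],
  expiryOn: [null, { PasswordPolicy: { ExpirePasswords: true, MaxPasswordAge: 120,
    AllowUsersToChangePassword: true, HardExpiry: false } }],
  lockedOut: [null, { PasswordPolicy: { ExpirePasswords: true, MaxPasswordAge: 120,
    AllowUsersToChangePassword: false, HardExpiry: true } }],
};
for (const [name, [err, data]] of Object.entries(samples)) {
  console.log(name, checkPasswordExpiration(err, data));
}
```

The `data` argument has the same shape as the JSON printed by `aws iam get-account-password-policy`.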