ram-password-max-age-check

更新时间:
复制 MD 格式

Checks whether the password validity period in the RAM user password policy meets the specified value. Compliant if met.

Scenarios

A password validity period forces RAM users to update passwords regularly, preventing risks from prolonged use of the same password.

Risk level

Default risk level: high.

You can change the risk level when you apply this rule.

Compliance evaluation logic

The result is Compliant if the password validity period in the RAM user password policy meets the specified value. Default maximum: 90 days.

Rule details

Parameter

Description

Rule template name

ram-password-max-age-check

Rule template identifier

ram-password-max-age-check

Automatic remediation

Not supported

Trigger type

Periodic: Every 24 hours

Supported resource type

ACS::::Account

Input parameter

maxPasswordAge (Default value: 90)

Non-compliance remediation

For more information, see Set maximum session duration for a RAM role.