Checks whether the password validity period in the RAM user password policy meets the specified value. Compliant if met.
Scenarios
A password validity period forces RAM users to update passwords regularly, preventing risks from prolonged use of the same password.
Risk level
Default risk level: high.
You can change the risk level when you apply this rule.
Compliance evaluation logic
The result is Compliant if the password validity period in the RAM user password policy meets the specified value. Default maximum: 90 days.
Rule details
|
Parameter |
Description |
|
Rule template name |
ram-password-max-age-check |
|
Rule template identifier |
|
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic: Every 24 hours |
|
Supported resource type |
ACS::::Account |
|
Input parameter |
maxPasswordAge (Default value: 90) |
Non-compliance remediation
For more information, see Set maximum session duration for a RAM role.