AWS Password Expiration Policies
Setting a Password Expiration Period
How do you ensure that users are rotating their passwords? When customizing password policies in AWS IAM, you have the option to enable password expiration. Password expiration periods are an integral part of cloud security. You can set passwords to remain valid for between 1 and 1,095 days after they are set. Without a reset at the end of the expiration period, users cannot access the AWS Management Console. Once the password is reset, the expiration period restarts.
For more information about password resiliency, see the AWS documentation on setting a password policy for IAM users.
Ensuring that your users rotate passwords within a reasonable time period is a perennial challenge. AWS lets you create an IAM password policy that enforces password rotation at a specified interval. Best practices state that passwords should be rotated every 90 days. To do this, log into the AWS Management Console, open Identity and Access Management (IAM), go to the settings, then go to your password policy. There, enter 90 days as the password expiration period. All users are then required to rotate their AWS IAM password on a 90-day interval.
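The same setting can be checked and applied through the IAM API. The following is an added example, not code from the original page: it uses boto3, and the function names `audit`, `build_update` and `enforce` and the sample policy are constructed for illustration. Because `UpdateAccountPasswordPolicy` replaces the whole policy and resets any omitted setting to its default, the update carries the existing settings over and changes only the expiration period.

```python
# Added example: audit and set the IAM password expiration period with boto3.
TARGET_MAX_AGE = 90            # rotation interval recommended on this page
MIN_AGE, MAX_AGE = 1, 1095     # range IAM accepts for an expiring password

# Fields of GetAccountPasswordPolicy that UpdateAccountPasswordPolicy accepts.
# ExpirePasswords is output-only and must not be sent back.
UPDATABLE = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "PasswordReusePrevention", "HardExpiry",
)

# Constructed sample: a policy with complexity rules but no expiration.
SAMPLE_POLICY = {"MinimumPasswordLength": 14, "RequireSymbols": True,
                 "ExpirePasswords": False, "HardExpiry": False}


def audit(policy, target=TARGET_MAX_AGE):
    """Return a finding string, or None when expiration meets the target."""
    if policy is None:                      # account has no custom policy
        return "no account password policy is set"
    age = policy.get("MaxPasswordAge", 0)   # missing or 0 means never expire
    if age == 0:
        return "password expiration is disabled"
    if age > target:
        return f"passwords expire after {age} days, target is {target}"
    return None


def build_update(policy, target=TARGET_MAX_AGE):
    """Build kwargs for update_account_password_policy, keeping every
    existing setting and changing only MaxPasswordAge."""
    if not MIN_AGE <= target <= MAX_AGE:
        raise ValueError(f"expiration must be {MIN_AGE}-{MAX_AGE} days")
    kwargs = {k: policy[k] for k in UPDATABLE if policy and k in policy}
    kwargs["MaxPasswordAge"] = target
    return kwargs


def enforce(target=TARGET_MAX_AGE):
    """Apply the target to the live account (needs boto3 and IAM permissions)."""
    import boto3
    iam = boto3.client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None
    if audit(policy, target) is not None:
        iam.update_account_password_policy(**build_update(policy, target))
```

A policy that already expires passwords sooner than the target is left unchanged by `enforce`.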