Policy: AWS > IAM > Account Password Policy > Settings > Max Age

You can set IAM user passwords to be valid for only the specified number of days. You specify the number of days that passwords remain valid after they are set. For example, when you enable password expiration and set the password expiration period to 90 days, an IAM user can use a password for up to 90 days. After 90 days, the password expires and the IAM user must set a new password before accessing the AWS Management Console. You can choose a password expiration period between 1 and 1095 days, inclusive.

Refer to Setting an account password policy for IAM users for more information on account password policies.

Resource Types

This policy targets the following resource types:

AWS > IAM > Account Password Policy

Primary Policy

This policy is used with the following primary policy:

AWS > IAM > Account Password Policy > Settings

Controls

AWS > IAM > Account Password Policy > Settings

Policy Packs

This policy setting is used by the following policy packs:

Enforce AWS IAM Account Password Policy Settings

Policy Specification

Schema Type	`integer`
Default	`90`
Examples [YAML]	90

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/other

Policy Type URI

tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge

GraphQL

query policyType(id: "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge"