Policy: Turbot > IAM > Local Directory > User > Password expiration period in hours

The period in hours after which the password for a Local Directory User is considered expired. For example, a period of 2160 (90x24) hours will allow the password to be used for up to 90 days before it must be changed.

Default is 8760 hours (365 days), per the CIS Password Policy Guide.

The maximum allowed value is 8760 hours i.e 365 days.

Note: Setting the value to -1 will never expire the password where as setting the value to 0 will expire the password.

Resource Types

This policy targets the following resource types:

Turbot > IAM > Local Directory > User

Policy Specification

Schema Type	`number`
Default	`8760`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/iam

Policy Type URI

tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours

GraphQL

query policyType(id: "tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/turbot-iam#/policy/types/passwordExpirationPeriodInHours"