AWS IAM Password Used Every 90 Days
This policy validates IAM users with console passwords have logged in within the past 90 days.
Console passwords allow AWS console logins to anyone that possess the password (and MFA token if MFA is enabled). If the user is not using console access, this should be disabled to minimize the attack surface of the account.
To remediate this, disable the password for each user mentioned in this alert.
- CIS AWS Benchmark 1.3 "Ensure credentials unused for 90 days or greater are disabled."