IAM Password policy should have expiry less than or equal to 90 days.
IAM account password policies should have a maximum age specified.
The account password policy should be set to expire passwords after 90 days or less.
The following example will fail the AWS038 check.
The following example will pass the AWS038 check.