IAM account password policies should have a maximum age specified.
The account password policy should be set to expire passwords after 90 days or less.
Long life password increase the likelihood of a password eventually being compromised
Limit the password duration with an expiry in the policy
The following example will fail the aws-iam-set-max-password-age check.
The following example will pass the aws-iam-set-max-password-age check.