Ensure IAM Passwords are set to expire after 90 days
IAM allows for creating users directly with in the AWS console for end users to be allowed to interact with the various services that AWS offers. Password policies should follow that of what industry standards state for the enterprise, ensure password is changed at least once every 90 days. For this reason it is considered a security best practice not keep using the same password. Ensuring that it is restricted will help you with CIS and NIST Compliance.