
[CIS AWS] Unable to fetch PasswordPolicy

Open romulets opened this issue 1 year ago • 0 comments

Motivation Regarding

example

Unable to fetch PasswordPolicy, error: operation error IAM: GetAccountPasswordPolicy, https response error StatusCode: 404, RequestID: 0be1895f-a109-40e9-86d7-6c7a89fc91a0, NoSuchEntity: The Password Policy with domain name 604906772406 cannot be found.

It seems that there is no account password policy. More people experience the same error (here and here) and the answer is consistently "this is an intended behaviour, if there is no policy (even with a default policy) you will get a 404".

For my account it works.

aws iam get-account-password-policy --no-cli-pager

But I do have a custom account password policy https://us-east-1.console.aws.amazon.com/iam/home#/account_settings

Looking at the logs, it happens consistently https://qa-cycle-812-oleg-cfi-8-12-0.kb.us-west2.gcp.elastic-cloud.com:9243/app/fleet/agents/17f57d0a-12ad-424e-aa12-ed3acb2186f3/logs?_q=(datasets:!(elastic_agent.cloudbeat),end:now,logLevels:!(error),query:%27%27,start:now-3d)

Definition of done

  • [ ] Understand where an Account Password Policy must be created (on a personal level I do have one)
  • [ ] Create Account Password Policy
  • [ ] Update documents if information about the need for an Account Password Policy is missing

Related tasks/epics

  • Found on https://github.com/elastic/security-team/issues/8219#issuecomment-1870039617
  • Investigated on https://github.com/elastic/security-team/issues/7932#issuecomment-1871027771

romulets, Dec 28 '23 13:12
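An added example, not part of the issue and not cloudbeat's code: one way to tell the 404 NoSuchEntity response described above (no account password policy set) apart from a real fetch failure. `FetchPasswordPolicy`, `PasswordPolicy` and `fakeAPIError` are hypothetical names, and the error chain is constructed so the block runs offline without the AWS SDK.

```go
package main

import (
	"errors"
	"fmt"
)

// apiError matches any error that exposes an AWS-style error code. API errors
// from aws-sdk-go-v2 have an ErrorCode() method, so errors.As can find them
// underneath the "operation error IAM: ..." wrapping.
type apiError interface {
	error
	ErrorCode() string
}

// PasswordPolicy is a hypothetical, trimmed-down view of the account policy.
type PasswordPolicy struct{ MinimumPasswordLength int }

// fakeAPIError is a constructed stand-in for the SDK error type.
type fakeAPIError struct{ code, msg string }

func (e fakeAPIError) Error() string     { return e.code + ": " + e.msg }
func (e fakeAPIError) ErrorCode() string { return e.code }

// FetchPasswordPolicy calls get, which stands in for GetAccountPasswordPolicy.
// It returns configured=false with a nil error when the account has no policy,
// so a caller can report that as a finding; other failures stay errors.
func FetchPasswordPolicy(get func() (*PasswordPolicy, error)) (p *PasswordPolicy, configured bool, err error) {
	p, err = get()
	if err == nil {
		return p, true, nil
	}
	var ae apiError
	if errors.As(err, &ae) && ae.ErrorCode() == "NoSuchEntity" {
		return nil, false, nil // no account password policy exists
	}
	return nil, false, fmt.Errorf("unable to fetch PasswordPolicy: %w", err)
}

func main() {
	// Constructed error chain shaped like the log line in this issue.
	missing := fmt.Errorf("operation error IAM: GetAccountPasswordPolicy, %w",
		fakeAPIError{"NoSuchEntity", "The Password Policy cannot be found."})
	p, configured, err := FetchPasswordPolicy(func() (*PasswordPolicy, error) { return nil, missing })
	fmt.Println(p == nil, configured, err) // true false <nil>
}
```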