This policy validates that the account password policy prevents users from reusing previous passwords, and that it prevents reuse of 24 or more prior passwords.
Preventing password reuse means that when passwords are rotated, they are changed to new passwords. This is considered security best practice: if users constantly switch between a small number of passwords, then when one is compromised, the password reset will not prevent its use for long, effectively negating the effect of enforcing regular password resets.
To remediate this, set the account password policy to prevent password reuse and set the number of passwords to remember to 24 or more.
2. Alternatively, to enforce only password reuse prevention, use the following command. Note: because this command does not allow partial updates, it will remove any password complexity or age requirements that are set:
aws iam update-account-password-policy --password-reuse-prevention 24
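
Because the command above replaces the whole policy, one way to avoid losing existing complexity and age settings is to read the current policy first and re-send every setting together with the reuse value. The following is an added example, not part of the original policy text: the helper names are hypothetical, the sample JSON is constructed, and it assumes the input is the output of `aws iam get-account-password-policy`.

```python
import json
import shlex

REQUIRED_REUSE = 24  # threshold this policy checks for

# PasswordPolicy fields mapped to update-account-password-policy flag names.
# ExpirePasswords is read-only (derived from MaxPasswordAge), so it has no flag.
INT_FLAGS = {"MinimumPasswordLength": "minimum-password-length",
             "MaxPasswordAge": "max-password-age"}
BOOL_FLAGS = {"RequireSymbols": "require-symbols",
              "RequireNumbers": "require-numbers",
              "RequireUppercaseCharacters": "require-uppercase-characters",
              "RequireLowercaseCharacters": "require-lowercase-characters",
              "AllowUsersToChangePassword": "allow-users-to-change-password",
              "HardExpiry": "hard-expiry"}

def is_compliant(policy):
    """True when at least 24 previous passwords are remembered."""
    return policy.get("PasswordReusePrevention", 0) >= REQUIRED_REUSE

def remediation_command(policy):
    """Build one full update that keeps current settings and fixes reuse prevention."""
    args = ["aws", "iam", "update-account-password-policy"]
    for field, flag in INT_FLAGS.items():
        if policy.get(field):  # absent or 0 (no expiry) is the default; omit the flag
            args += ["--" + flag, str(policy[field])]
    for field, flag in BOOL_FLAGS.items():
        if field in policy:
            args.append(("--" if policy[field] else "--no-") + flag)
    reuse = max(policy.get("PasswordReusePrevention", 0), REQUIRED_REUSE)
    args += ["--password-reuse-prevention", str(reuse)]
    return shlex.join(args)

# Constructed sample of `aws iam get-account-password-policy` output, not real account data.
SAMPLE = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
  "RequireNumbers": true, "RequireUppercaseCharacters": true,
  "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
  "ExpirePasswords": true, "MaxPasswordAge": 90,
  "PasswordReusePrevention": 5, "HardExpiry": false}}
""")["PasswordPolicy"]

if __name__ == "__main__":
    print("compliant:", is_compliant(SAMPLE))
    print(remediation_command(SAMPLE))
```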