From 98a1f4bda01df0c9bc94f63cca1b92dab1d8a322 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni.delafuente@alfresco.com>
Date: Wed, 11 Apr 2018 14:09:55 -0400
Subject: [PATCH] improved error handling on check111

---
 checks/check111 | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/checks/check111 b/checks/check111
index 29a015ff..45973792 100644
--- a/checks/check111
+++ b/checks/check111
@@ -11,16 +11,18 @@
 CHECK_ID_check111="1.11"
 CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
 CHECK_SCORED_check111="SCORED"
-CHECK_ALTERNATE_check111="check111" 
+CHECK_ALTERNATE_check111="check111"
 
 check111(){
   # "Ensure IAM password policy expires passwords within 90 days or less (Scored)"
-  COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json | grep MaxPasswordAge | awk -F: '{ print $2 }'|sed 's/\ //g'|sed 's/,/ /g' 2> /dev/null)
+  COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query PasswordPolicy.MaxPasswordAge --output text 2> /dev/null)
   if [[ $COMMAND111 ]];then
     if [ "$COMMAND111" == "90" ];then
       textPass "Password Policy includes expiration"
+    else
+      textFail "Password expiration is set greater than 90 days"
     fi
   else
-    textFail "Password expiration not set or set greater than 90 days "
+    textFail "Password expiration is not set"
   fi
 }