CHECK_ID_check13="1.3,1.03"
CHECK_TITLE_check13="Ensure credentials unused for 90 days or greater are disabled (Scored)"
CHECK_SCORED_check13="SCORED"
CHECK_ALTERNATE_check103="check13"

check13(){
  # "Ensure credentials unused for 90 days or greater are disabled (Scored)"
  textTitle "$ID13" "$TITLE13" "SCORED" "LEVEL1"
  COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
  if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then
    COMMAND13=$(
    for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
      cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep $i| awk '{ print $1 }'|tr '\n' ' ';
    done)
    # list of users that have used password
    USERS_PASSWORD_USED=$($AWSCLI iam list-users --query "Users[?PasswordLastUsed].UserName" --output text $PROFILE_OPT --region $REGION)
    if [[ $USERS_PASSWORD_USED ]]; then
      # look for users with a password last used more or equal to 90 days
      for i in $USERS_PASSWORD_USED; do
        DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1)
        HOWOLDER=$(how_older_from_today $DATEUSED)
        if [ $HOWOLDER -gt "90" ];then
          textWarn "User \"$i\" has not logged in during the last 90 days "
        else
          textOK "User \"$i\" found with credentials used in the last 90 days"
        fi
      done
    fi
  else
      textOK "No users found with password enabled"
  fi
}