If there is no rotation set for passwords, it will leave account vulnerable to brute force attempts.
Password policy for AWS accounts can be created and managed in the AWS IAM Console.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy