Describe the Issue
Section 4.6.1.1 PATCH is used to set the PASS_MAX_DAYS for existing users. Section 4.6.1.2 PATCH is used to set the PASS_MIN_DAYS for existing users. However, both Sections use the password_expire_max parameter as part of the ansible.builtin.user module.
Expected Behavior
Section 4.6.1.2 PATCH should use the password_expire_min parameter in the ansible.builtin.user module in order to set the minimum days between password changes for the existing users.
Actual Behavior
Both Sections described above use the password_expire_max parameter, resulting in Section 4.6.1.2 overwriting the PATCH executed in 4.6.1.1. The fully executed output sets the existing users' maximum password age to the amzn2023cis_pass['min_days'] variable value.
Control(s) Affected
4.6.1.2 ("Ensure minimum days between password changes is configured")
Environment (please complete the following information):
branch being used: tag 1.2.0; however, the issue exists in 1.2.1 as well
Ansible Version: 2.11
Host Python Version: Python 3.6.8
Ansible Server Python Version: Python 3.6.8
Additional Details: N/A
Additional Notes
N/A
Possible Solution
Replace the password_expire_max parameter in cis_4.6.1.x.yml on line 57 with the password_expire_min parameter. The correct variable appears to be used in 4.6.1.2.
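The symptom reported above (an existing user's maximum password age ending up equal to the `min_days` value while the minimum age is never set) can be checked on a host after the role has run. The following Python script is an added example, not code from the issue or the project; the policy values (365 and 1), the finding names and the sample shadow lines are assumptions constructed for illustration.

```python
# Assumed policy values (not from the issue): 365 max days, 1 min day.
POLICY = {"max_days": 365, "min_days": 1}

# Constructed sample in shadow(5) layout:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19700:1:365:7:::
alice:$6$constructed$hash:19700:0:1:7:::
bob:$6$constructed$hash:19700:1:365:7:::
carol:$6$constructed$hash:19700:0:99999:7:::
nginx:!!:19700::::::
"""


def has_password(hash_field):
    """Locked or passwordless accounts ('!', '*', empty) are out of scope."""
    return bool(hash_field) and hash_field[0] not in "!*"


def to_int(field):
    """Empty aging fields mean 'not set'; report them as None."""
    return int(field) if field.strip().lstrip("-").isdigit() else None


def audit_shadow(text, policy=POLICY):
    """Return {user: [findings]} for accounts whose aging fields miss policy."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 5 or not has_password(parts[1]):
            continue
        name, min_days, max_days = parts[0], to_int(parts[3]), to_int(parts[4])
        issues = []
        if min_days is None or min_days < policy["min_days"]:
            issues.append("min_days_not_enforced")
        if max_days is None or max_days > policy["max_days"] or max_days < 1:
            issues.append("max_days_out_of_policy")
        # Signature of the reported bug: min_days value in the max field, min field untouched.
        overwritten = max_days == policy["min_days"] != policy["max_days"]
        if overwritten and "min_days_not_enforced" in issues:
            issues.append("max_overwritten_with_min_days")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_shadow(SAMPLE_SHADOW).items():
        print(user, ", ".join(issues))
```

On a real host, pass the contents of `/etc/shadow` (read as root) to `audit_shadow` with the policy values the role was configured with.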