iam_password_policy: boto expects pw_expire to be ommitted when setting no expiration requirements (#59848)

Fixes #59102

changelogs/fragments/59848-iam-password-policy-Fix-no-expiration.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - iam_password_policy - Fix AWS/boto3 errors when setting no password expiration

lib/ansible/modules/cloud/amazon/iam_password_policy.py

@@ -61,7 +61,8 @@ options:
     aliases: [allow_password_change]
   pw_max_age:
     description:
-      - Maximum age for a password in days.
+      - Maximum age for a password in days. When this option is 0 then passwords
+        do not expire automatically.
     default: 0
     aliases: [password_max_age]
   pw_reuse_prevent:
@@ -127,18 +128,21 @@ class IAMConnection(object):
         pw_reuse_prevent = module.params.get('pw_reuse_prevent')
         pw_expire = module.params.get('pw_expire')
 
-        try:
-            results = policy.update(
+        update_parameters = dict(
             MinimumPasswordLength=min_pw_length,
             RequireSymbols=require_symbols,
             RequireNumbers=require_numbers,
             RequireUppercaseCharacters=require_uppercase,
             RequireLowercaseCharacters=require_lowercase,
             AllowUsersToChangePassword=allow_pw_change,
-                MaxPasswordAge=pw_max_age,
             PasswordReusePrevention=pw_reuse_prevent,
             HardExpiry=pw_expire
         )
+        if pw_max_age:
+            update_parameters.update(MaxPasswordAge=pw_max_age)
+
+        try:
+            results = policy.update(**update_parameters)
             policy.reload()
         except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
             self.module.fail_json_aws(e, msg="Couldn't update IAM Password Policy")