aws iam change-password

https://docs.aws.amazon.com/cli/latest/reference/iam/change-password.html

aws iam change-password
aws iam change-password --cli-input-json file://change-password.json

Errors:

 An error occurred (AccessDenied) when calling the ChangePassword operation: User: arn:aws:iam::146910341356:user/MY_USERNAME is not authorized to perform: iam:ChangePassword on resource: user MY_USERNAME with an explicit deny

Related

• Default password policy: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#default-policy-details
  • Minimum password length of 8 characters and a maximum length of 128 characters
  • Minimum of three of the following mix of character types: uppercase, lowercase, numbers, and ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ' symbols
  • Not be identical to your AWS account name or email address

• 2FA
• iam:ChangePassword
• IAMUserChangePassword
• passwd linux command

See also

• aws iam [ create-user, create-group, get-user, list-users | list-policies | list-attached-user-policies | attach-user-policy | list-attached-user-policies | list-roles | get-account-summary | put-group-policy | put-role-policy | put-user-policy | create-login-profile | aws iam delete-virtual-mfa-device | aws iam list-virtual-mfa-devices | aws iam create-saml-provider | aws iam list-account-aliases | aws iam create-role | aws iam change-password| enable-mfa-device | list-instance-profiles
• IAM: AWS IAM Identity Center, AWS Identity and Access Management, Google Cloud IAM, Azure IAM, SailPoint, CyberArk, CIAM, ForgeRock, iam:ChangePassword, aws iam, AdministratorAccess, Context keys, IAM Access Analyzer, AWS policy, AWS managed policies, IAMUserChangePassword, AWS Roles, List of AWS policies, Resource-based policy, aws-iam-authenticator, IRSA, RDS Authentication, AccessDenied, AWS Authentication, AWS IAM external access analyzer