How to change the password of an IAM User in AWS

Introduction

Password rotation is a healthy security behaviour as it ensures that any passwords that may have been leaked, either due to a reuse, or breach, or inadvertently by the user, become irrelevant. The AWS CIS Foundations Benchmark also flags an IAM user whose password has not been changed in the last 90 days as non-compliant. It is recommended to change your password periodically and never reuse it on another site or service.

AWS allows to manage passwords for the users. In this article we will go through the steps to change the password for an IAM user using AWS console.

Change password for an IAM user

Following are the steps to change the password for an IAM user via AWS console:

1. Login to AWS Management Console and navigate to IAM service

   

2. Under Access management on IAM dashboard, go to Users

   

3. We can see the Password age column for each user. This indicates how old is a user’s console password

   

4. To update a user’s console password, click on the user name for that user

   

5. On Summary page, click on Security credentials tab

   

6. Click on Manage console access button

   

7. Select one of the 3 options under Set password section

   

8. Check the User must create new password at next sign-in checkbox if you require the user to set a new password during their next sign-in, else if you are setting the new password to be used for user login in step 7 itself, then you can skip this step

   

9. Finally, click on Apply button