~ 2 min read

How to change the password of an IAM User in AWS

Changing passwords periodically is considered to be a security best practice. This article provides a walkthrough of how you can change password for an IAM user in AWS.

Introduction

Password rotation is a healthy security behaviour as it ensures that any passwords that may have been leaked, either due to a reuse, or breach, or inadvertently by the user, become irrelevant. The AWS CIS Foundations Benchmark also flags an IAM user whose password has not been changed in the last 90 days as non-compliant. It is recommended to change your password periodically and never reuse it on another site or service.

AWS allows to manage passwords for the users. In this article we will go through the steps to change the password for an IAM user using AWS console.

Change password for an IAM user

Following are the steps to change the password for an IAM user via AWS console:

  1. Login to AWS Management Console and navigate to IAM service

    Select IAM Service

  2. Under Access management on IAM dashboard, go to Users

    IAM Users

  3. We can see the Password age column for each user. This indicates how old is a user’s console password

    User Password Age

  4. To update a user’s console password, click on the user name for that user

    Select IAM User

  5. On Summary page, click on Security credentials tab

    Security Credentials Tab

  6. Click on Manage console access button

    Manage Console Access

  7. Select one of the 3 options under Set password section

    Set User Password

  8. Check the User must create new password at next sign-in checkbox if you require the user to set a new password during their next sign-in, else if you are setting the new password to be used for user login in step 7 itself, then you can skip this step

    Require Password Reset

  9. Finally, click on Apply button

    Apply Password Change

;