Password rotation is a healthy security behaviour as it ensures that any passwords that may have been leaked, either due to a reuse, or breach, or inadvertently by the user, become irrelevant. The AWS CIS Foundations Benchmark also flags an IAM user whose password has not been changed in the last 90 days as non-compliant. It is recommended to change your password periodically and never reuse it on another site or service.
AWS allows to manage passwords for the users. In this article we will go through the steps to change the password for an IAM user using AWS CLI.
Following are the steps to change the password for an IAM user via AWS CLI:
To reset the password for an IAM user, run following command
aws iam update-login-profile --user-name <IAM_user_name> --password <user_password> --password-reset-required
The parameter --password-reset-required can be provided when we are providing a temporary password for a user and require them to set a new password during their next sign-in. If we want to set the actual new password for the user, we can either skip the parameter or use the parameter --no-password-reset-required.