~ 2 min read

How to change the password of an IAM User using AWS CLI

Changing passwords periodically is considered to be a security best practice. This article provides a step by step guide to change password for an IAM user using AWS CLI.

Introduction

Password rotation is a healthy security behaviour as it ensures that any passwords that may have been leaked, either due to a reuse, or breach, or inadvertently by the user, become irrelevant. The AWS CIS Foundations Benchmark also flags an IAM user whose password has not been changed in the last 90 days as non-compliant. It is recommended to change your password periodically and never reuse it on another site or service.

AWS allows to manage passwords for the users. In this article we will go through the steps to change the password for an IAM user using AWS CLI.

Change password for an IAM user using AWS CLI

Following are the steps to change the password for an IAM user via AWS CLI:

  1. To reset the password for an IAM user, run following command

    aws iam update-login-profile --user-name <IAM_user_name> --password <user_password> --password-reset-required

    Update User Password

    The parameter --password-reset-required can be provided when we are providing a temporary password for a user and require them to set a new password during their next sign-in. If we want to set the actual new password for the user, we can either skip the parameter or use the parameter --no-password-reset-required.

;