How to reset / change IAM user password on AWS
(: April 15, 2019)
My IAM user password had expired and I couldn’t access the AWS Management Console to reset it. The only way I could change/reset IAM user password on AWS was by using AWS CLI. The
update-login-profile command enables IAM users to change their own passwords by calling ChangePassword.
You need to have AWS CLI tools installed and configured for this guide to work. If you don’t have, see our guide below.
After setting up AWS CLI on your Linux system, use your favorite password generator to get a complex password to be used. I often use https://passwordsgenerator.net/ to generate passwords.
Copy password generated and reset your IAM user password using the following command syntax.
aws iam update-login-profile --user-name <username> --password <password>
- <username> is the name of the user whose password you want to update.
- <password> is the new password for the specified IAM user.
aws iam update-login-profile --user-name computingforgeeks --password 'ThRi2DhfdFPl^oo'
You can also specify if the new password is to be used only once by requiring the specified IAM user to set a new password on next sign-in.
aws iam update-login-profile --user-name computingforgeeks --password 'ThRi2DhfdFPl^oo' --password-reset-required
If the new password violates the account password policy, the command returns a PasswordPolicyViolation error.
Reset / Change Password password based on the JSON string provided
The create-login-profile can be used to first create a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console.
aws iam create-login-profile --generate-cli-skeleton > create-login-profile.json
This command creates a JSON file called create-login-profile.json that you can use to fill in the information for a subsequent create-login-profile command.
Use the –cli-input-json option when running the update-login-profile to perform service operation based on the JSON string saved.
aws iam update-login-profile --cli-input-json file://create-login-profile.json
You’ll be asked to reset password on first login to Web console.