| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Managing an IAM Password Policy
Topics
You can set a password policy for the passwords used by IAM users. Your policy can specify that passwords must be of a certain length, must include a selection of characters, and so on.
In addition, you can let users manage passwords and credentials in these ways:
You can let all users change their own passwords. You can do as part of managing the password policy in the IAM console.
You can create an IAM user or group that has permissions (via a policy) to manage password policies, passwords, credentials, and security certificates for other users.
You can create a policy that you can apply to an IAM group that allows users in that group to manage their own (but no one else's) passwords, credentials, and certificates.
When you create or change a password policy, the change is enforced immediately when users change their passwords. IAM will not force users to change pre-existing passwords.
The IAM password policy does not apply to your AWS root account password.
For enhanced security, use password policies together with multi-factor authentication (MFA). For more information about MFA, see Using Multi-Factor Authentication (MFA) Devices with AWS.
