An IAM policy that allows IAM users to rotate their own access keys, signing certificates, service specific credentials, and passwords. This policy also provides the permissions necessary to complete this action programmatically and on the console.

 
Tags
API and CLI Access
Console Access
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:ListUsers",
                "iam:GetAccountPasswordPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:*AccessKey*",
                "iam:ChangePassword",
                "iam:GetUser",
                "iam:*ServiceSpecificCredential*",
                "iam:*SigningCertificate*"
            ],
            "Resource": [
                "arn:aws:iam::*:user/${aws:username}"
            ],
            "Effect": "Allow"
        }
    ]
}
Customize Policy
No policy variables to customize
* Required field