Overview

An IAM policy that allows IAM users to rotate their own access keys, signing certificates, service specific credentials, and passwords. This policy also provides the permissions necessary to complete this action programmatically and on the console.

Configuration Templates

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:ListUsers",
                "iam:GetAccountPasswordPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:*AccessKey*",
                "iam:ChangePassword",
                "iam:GetUser",
                "iam:*ServiceSpecificCredential*",
                "iam:*SigningCertificate*"
            ],
            "Resource": [
                "arn:aws:iam::*:user/${aws:username}"
            ],
            "Effect": "Allow"
        }
    ]
}

Actions



Customize Template

Policy Parameters

No policy variables to customize
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation:

 

© 2020 asecurecloud Inc. All Rights Reserved.