An organization has created 50 IAM users. The organization wants that each user can change their password
but cannot change their access keys. How can the organization achieve this?
A.
The organization has to create a special password policy and attach it to each user
B.
The root account owner has to use CLI which forces each IAM user to change their password on first login
C.
By default each IAM user can modify their passwords
D.
The root account owner can set the policy from the IAM console under the password policy screen
Explanation:
With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a
password policy. As a part of managing the password policy, the user can enable all users to manage their own
passwords. If the user has selected the option which allows the IAM users to modify their password, he does
not need to set a separate policy for the users. This option in the AWS console allows changing only the
password.
Answer is D
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html
0
0
Allow only selected IAM users to change their own passwords. In this scenario, you disable the option for all users to change their own passwords and you use an IAM policy to grant permissions to only some users to change their own passwords and optionally other credentials like their own access keys.
D.
The root account owner can set the policy from the IAM console under the password policy screen
0
0
d
0
0
ddddddd
0
0
d
0
0
d
0
0
Obviously D
0
0
A, you need to create and assign to each user a policy that would deny him creation of the access keys …
“Important
The password settings described here apply only to passwords assigned to IAM users and do not affect any access keys they might have.”
0
0