An organization has created 50 IAM users. The organization wants that each user can change
their password but cannot change their access keys. How can the organization achieve this?
A.
The organization has to create a special password policy and attach it to each user
B.
The root account owner has to use CLI which forces each IAM user to change their password
on first login
C.
By default each IAM user can modify their passwords
D.
The root account owner can set the policy from the IAM console under the password policy
screen
Explanation:
With AWS IAM, organizations can use the AWS Management Console to display, create, change
or delete a password policy. As a part of managing the password policy, the user can enable all
users to manage their own passwords. If the user has selected the option which allows the IAM
users to modify their password, he does not need to set a separate policy for the users. This
option in the AWS console allows changing only the password.
D
0
0
D
0
0
D
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html
Allow only selected IAM users to change their own passwords. In this scenario, you disable the option for all users to change their own passwords and you use an IAM policy to grant permissions to only some users to change their own passwords and optionally other credentials like their own access keys.
0
0