Amazon Web Services (AWS) - Create IAM User Password using the AWS CLI

by
Jeremy Canfield |
Updated: April 15 2024
| Amazon Web Services (AWS) articles
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
- An IAM Policy allows certain actions (such create) on certain resources (such as EC2)
- An IAM User is typically a users account (such as john.doe) that contains an IAM Identity-Based Policy that allows certain actions (such as list) on certain resources (such S3)
- An IAM Role contains an IAM Policy that allows certain actions (such create) on certain resources (such as EC2). Let's say the Identity-Based Policy attached to john.doe does NOT allow "create S3"
- The Role that allows "create S3" could be attached to john.doe - or, john.doe could Assume the Role:
- Often, a Role will have two Policies:
The aws iam list-users command can be used to list your IAM user accounts.
~]$ aws iam list-users
{
"Users": [
{
"Path": "/",
"UserName": "john.doe",
"UserId": "AIDAABCDL76GLUA6B21234",
"Arn": "arn:aws:iam::711234074567:user/john.doe",
"CreateDate": "2022-09-13T11:13:03+00:00"
}
]
}
The aws iam create-login-profile can be used to set or reset a users password.
~]$ aws iam create-login-profile --user-name john.doe --password itsasecret
{
"LoginProfile": {
"UserName": "john.doe",
"CreateDate": "2023-06-16T01:38:43+00:00",
"PasswordResetRequired": false
}
}
The --password-reset-required flag is often used to require the user to reset their password.
~]$ aws iam create-login-profile --user-name john.doe --password itsasecret --password-reset-required
{
"LoginProfile": {
"UserName": "john.doe",
"CreateDate": "2023-06-16T01:38:43+00:00",
"PasswordResetRequired": true
}
}
Did you find this article helpful?
If so, consider buying me a coffee over at