AWS Command Line Password Reset

Oh, Nuts

Your AWS console login just expired, as the login prompt has been warning for weeks. You need to update that Route 53 entry and your boss is waiting. Do you call the sysadmin and beg for a reset, or can you solve this yourself?

AWS CLI To the Rescue

No worries, you’ve got this covered in 15 seconds.

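Use the IAM API call update-login-profile with your AWS IAM user name (the login name you use for the AWS Console). The --password-reset-required flag makes the console ask for a new password at the next sign-in, so the value you type here is only temporary.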

aws iam update-login-profile --user-name jsmith --password sesame --password-reset-required

The combination is cracked. Log in. Whistle innocently like this never happened.

Other Dead Ends

The AWS CLI has another tempting but misleading API call named change-password.

If you tried it, you’d be saddened to see the required --old-password parameter. This is a red herring. Dodge left.

You Don’t Have AWS CLI Password Reset Access

We got a problem here. Your choices are:

Kowtow to your sysadmin for mercy

If it’s a root account, use the password reset process to get a reset email

Allow Users to Reset Passwords

If you’re a sysadmin, set the following IAM policy to enable self-service user password reset.
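As an added example (not the original author's policy, which is not reproduced on this page), the Python below embeds a constructed policy that grants iam:UpdateLoginProfile, the permission behind update-login-profile, only on the caller's own user through the ${aws:username} policy variable. It also checks a policy document for the same action granted without that scoping, which would let one user reset another user's console password. The names unscoped_reset_statements, SELF_SERVICE_POLICY and TOO_BROAD_POLICY are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy (an assumption, not taken from the page): lets an IAM
# user reset only their own console password with update-login-profile.
SELF_SERVICE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:UpdateLoginProfile",
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    }
  ]
}
"""

# Constructed counter-example: the same action on every user in the account.
TOO_BROAD_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["iam:Update*"], "Resource": "*"}]}
"""

TARGET = "iam:updateloginprofile"      # IAM action names are case-insensitive
SELF_SUFFIX = "user/${aws:username}"   # resolves to the caller's own user name


def _as_list(value):
    """IAM accepts either a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def unscoped_reset_statements(policy_json):
    """Return indexes of Allow statements that grant UpdateLoginProfile on
    anything other than the caller's own user ARN."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(fnmatchcase(TARGET, a.lower()) for a in actions):
            continue
        # A statement with no Resource key is treated as unscoped.
        resources = _as_list(stmt.get("Resource", "*"))
        if not all(r.endswith(SELF_SUFFIX) for r in resources):
            findings.append(i)
    return findings
```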