We are excited to announce that we have added several new AWS Identity Access and Management (IAM) features aimed at providing you more flexibility and control when managing your IAM users.

With todays launch you can now:

Grant your IAM users access to the Account Activity page and Usage Reports page on the AWS website. Create a password policy to enforce the password strength for your IAM users. Grant your IAM users the ability to change their own password.

Access to Account Activity and Usage Reports

This new feature allows you to create separate and distinct IAM users for business and technical purposes. You can grant your business users access to the Account Activity and/or Usage Reports pages of the AWS website to allow them to access billing and usage data without giving them access to other AWS resources such as EC2 instances or files in S3. Check out Controlling User Access to your AWS Accounts Billing Information for more details.

Password Policies

You can now define an account-wide policy in the IAM Console that enforces password strength for your IAM users upon password change. You can specify password length, and require that passwords include any combination of uppercase letters, lowercase letters, numbers, or symbols. For more details, check out Managing an IAM Password Policy.

Changing Passwords

We have also added a simple graphical user interface in the IAM Console that allows IAM users to change their own password. They can access this by selecting the Security Credentials option from the drop down in the upper right corner of the AWS Management Console. For more details, check out How IAM Users Change Their Own Password.

These features were created to address customer needs that have been brought to our attention via the IAM Forum. Please feel free to let us know what else we can do to make IAM an even better fit for your needs.

— Jeff;