This CloudFormation template does the following:
- creates a user "JohnDoe"
- assigns him the AWS managed IAM policy named IAMUserChangePassword, which allows him to change his password.
- at first login the user will be prompted to change his password; this is achieved with the `PasswordResetRequired: "true"` declaration.
- when the stack is created, its creator is prompted for a default password for this user. The parameter is declared with `NoEcho: true`, so the value is masked when the stack is created and described.

By default this user has no other rights except changing his own password.
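```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  This template creates an IAM user named 'JohnDoe'
  And permissions for him to change his password.
Parameters:
  password:
    # NoEcho masks the value when the stack is created or described
    NoEcho: true
    Description: Password for the IAM User
    Type: String
Resources:
  johndoe:
    Type: AWS::IAM::User
    Properties:
      # Without UserName, CloudFormation generates a name from the stack name
      # and logical ID. An explicit name requires CAPABILITY_NAMED_IAM.
      UserName: JohnDoe
      ManagedPolicyArns:
        # AWS managed policy: lets the user change only his own password
        - arn:aws:iam::aws:policy/IAMUserChangePassword
      LoginProfile:
        Password: !Ref password
        # Forces a password change at first console sign-in
        PasswordResetRequired: "true"
```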
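
A pre-deployment check for the properties this template relies on, as an added example that is not part of the original page. It assumes the template is available in CloudFormation's JSON form; the `weakuser` resource and `visible` parameter are constructed for contrast.

```python
import json

# Constructed sample: JSON form of a template like the one above, plus a
# second, deliberately weak user ("weakuser") for contrast.
TEMPLATE = json.loads("""
{
  "Parameters": {
    "password": {"NoEcho": true, "Type": "String"},
    "visible": {"Type": "String"}
  },
  "Resources": {
    "johndoe": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/IAMUserChangePassword"],
        "LoginProfile": {"Password": {"Ref": "password"}, "PasswordResetRequired": "true"}
      }
    },
    "weakuser": {
      "Type": "AWS::IAM::User",
      "Properties": {"LoginProfile": {"Password": {"Ref": "visible"}}}
    }
  }
}
""")

def check_login_profiles(template):
    """Return a list of (logical_id, finding) for IAM users with console passwords."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::User":
            continue
        profile = res.get("Properties", {}).get("LoginProfile")
        if profile is None:
            continue  # no console password, nothing to check
        pw = profile.get("Password")
        if not (isinstance(pw, dict) and "Ref" in pw):
            findings.append((name, "password is not a parameter reference"))
        elif params.get(pw["Ref"], {}).get("NoEcho") not in (True, "true"):
            findings.append((name, "password parameter lacks NoEcho"))
        if str(profile.get("PasswordResetRequired", "false")).lower() != "true":
            findings.append((name, "PasswordResetRequired is not true"))
    return findings

if __name__ == "__main__":
    for logical_id, finding in check_login_profiles(TEMPLATE):
        print(f"{logical_id}: {finding}")
```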