AWS Certified SysOps Administrator – Associate (legacy) — Question 807
Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his own password?
Answer options
- A. No, the IAM user can never change the password
- B. Yes, only from AWS CLI
- C. Yes, only from the AWS console
- D. Yes, provided Admin has given Bob access to change his own password
Correct answer: D
Explanation
By default, IAM users cannot change their own passwords unless they are granted permission to do so. The Admin can enable this either by attaching an IAM policy that allows the 'iam:ChangePassword' action or by configuring the account's password policy to allow users to change their own passwords. Consequently, Bob can only perform this action if the Admin has configured the appropriate permissions, making both console and CLI methods viable under those conditions.