Create/Reset IAM User in a minute

We all know the command line is much faster than a typical GUI. Let's say you wanted to reset an IAM user's password using the GUI; you would have to follow these steps:

  1. Get credentials of the AWS account
  2. Login to account
  3. Browse over to IAM Service
  4. Locate the particular user
  5. Regenerate the password
  6. Bored…. :(

What if the password could be reset in under 30 seconds (maybe less) using the command line?

The commands below use the AWS CLI, properly configured on your machine to use the particular profile.

Set the alias of the account

alias aws=''`which aws`' --profile <PROFILE NAME> --region <REGION>'

Example:

alias aws=''`which aws`' --profile RandomAwsProfile --region ap-south-1'

Get the list of IAM users

aws iam list-users --output table

Change the password of the particular user

aws iam update-login-profile --user-name <USERNAME> --password <PASSWORD> --no-password-reset-required
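
An added example, not from the original post: the reset above puts the password in argv and shell history and leaves it known to whoever ran the command. This sketch generates a random password, passes it to `update-login-profile` through `--cli-input-json` on stdin, and sets `PasswordResetRequired` so the user must pick a new one at first sign-in. The function names are hypothetical, and it assumes a Unix-like system with `/dev/urandom` and `/dev/stdin`.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the AWS CLI.

# gen_password [LEN]: random password with a lowercase, uppercase, digit and symbol.
gen_password() {
  len="${1:-24}"
  [ "$len" -ge 4 ] || return 2
  while :; do
    pw="$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9!@#%^*_+=-' | head -c "$len")"
    [ "${#pw}" -eq "$len" ] || continue
    case "$pw" in *[[:lower:]]*) ;; *) continue ;; esac
    case "$pw" in *[[:upper:]]*) ;; *) continue ;; esac
    case "$pw" in *[[:digit:]]*) ;; *) continue ;; esac
    case "$pw" in *[![:alnum:]]*) ;; *) continue ;; esac
    printf '%s\n' "$pw"
    return 0
  done
}

# build_login_profile_json USER PASSWORD: request body for update-login-profile.
# Neither value may contain '"' or '\'; the callers below guarantee that.
build_login_profile_json() {
  printf '{"UserName":"%s","Password":"%s","PasswordResetRequired":true}\n' "$1" "$2"
}

# reset_iam_password USER [extra aws args, e.g. --profile NAME --region REGION]
reset_iam_password() {
  user="$1"
  [ "$#" -gt 0 ] && shift
  case "$user" in
    ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid IAM user name" >&2; return 2 ;;
  esac
  pw="$(gen_password 24)" || return 1
  # The JSON travels over stdin, so the password never appears in argv or history.
  build_login_profile_json "$user" "$pw" |
    aws iam update-login-profile "$@" --cli-input-json file:///dev/stdin ||
    { unset pw; return 1; }
  printf 'Temporary password for %s: %s\n' "$user" "$pw"
  unset pw
}
```

With `PasswordResetRequired` set, the user needs permission to change their own password (`iam:ChangePassword`), otherwise the forced change at sign-in fails.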

If you want to create a new user instead, follow the steps below (choose the permission policy carefully):

# Create the user
aws iam create-user --user-name <USERNAME>

# Attach the policy to the user for appropriate permissions (be careful)
aws iam attach-user-policy --user-name <USERNAME> --policy-arn "<POLICY ARN>"

# Give the user a complicated password
aws iam create-login-profile --user-name <USERNAME> --password "<PASSWORD>" --no-password-reset-required

Don’t forget to remove the alias set for the aws command when you are done:

unalias aws

You can use the following popular policy ARNs:

  • arn:aws:iam::aws:policy/AdministratorAccess
  • arn:aws:iam::aws:policy/AmazonEC2FullAccess
  • arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
  • arn:aws:iam::aws:policy/AmazonRDSFullAccess
  • arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess
  • arn:aws:iam::aws:policy/AmazonS3FullAccess
  • arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
  • arn:aws:iam::aws:policy/PowerUserAccess
  • arn:aws:iam::aws:policy/ReadOnlyAccess

Or list all available policies:

aws iam list-policies --output table

Let me know what you think.
