1 Answer
0
Hello, from the information provided, it sounds like the IAM user is able to log in to the AWS console using the password created by the root account. When resetting the user's password on your next try, please ensure that "User must create a new password at next sign-in" is not selected. If the user is required to create a new password on login, but does not have IAM permissions to create a password, they will not be able to use the generated password for a second login.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html
answered 3 months ago
Thanks, however I am using IAM Identity Center and not IAM, and this IAM user doesn't show up under the IAM console, only in the IAM Identity Center console. I can't find anywhere in the IAM Identity Center where I can change this policy.
OK, I think I may have found one of my problems. When setting up an IAM Identity Center user, there's a setting that sets the maximum length of a session. It was set to 12 hours. So when I tried to log in the next day, the login would fail. I just reset it to 90 days. We'll see if that helps. Although that doesn't explain why it failed if I logged out of the IAM User account and then tried to log back in on the same day.
BTW, AWS is now recommending using IAM Identity Center and not using IAM as a best practice - FYI.