fix: Allow user to change own password when no MFA is present (#470)

wonko · web-flow · commit ef0056b7b445 · 2024-03-25T08:15:54.000-04:00
diff --git a/modules/iam-group-with-policies/policies.tf b/modules/iam-group-with-policies/policies.tf
@@ -167,7 +167,8 @@ data "aws_iam_policy_document" "iam_self_management" {
         "iam:ListMFADevices",
         "iam:ListVirtualMFADevices",
         "iam:ResyncMFADevice",
-        "sts:GetSessionToken"
+        "sts:GetSessionToken",
+        "iam:ChangePassword"
       ]
       resources = ["*"]
 

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,8 @@ data "aws_iam_policy_document" "iam_self_management" {`
`167`	`167`	`"iam:ListMFADevices",`
`168`	`168`	`"iam:ListVirtualMFADevices",`
`169`	`169`	`"iam:ResyncMFADevice",`
`170`		`- "sts:GetSessionToken"`
	`170`	`+ "sts:GetSessionToken",`
	`171`	`+ "iam:ChangePassword"`
`171`	`172`	`]`
`172`	`173`	`resources = ["*"]`
`173`	`174`