fix: Allow user to change own password when no MFA is present (#470)

terraform-aws-modules · Mar 25, 2024 · ef0056b · ef0056b
1 parent 5fd612c
commit ef0056b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/modules/iam-group-with-policies/policies.tf b/modules/iam-group-with-policies/policies.tf
@@ -167,7 +167,8 @@ data "aws_iam_policy_document" "iam_self_management" {
         "iam:ListMFADevices",
         "iam:ListVirtualMFADevices",
         "iam:ResyncMFADevice",
-        "sts:GetSessionToken"
+        "sts:GetSessionToken",
+        "iam:ChangePassword"
       ]
       resources = ["*"]