Add a policy to allow users in the wic-prp-eng user group to manage MFA
Change from an inline policy attachment to a customer managed policy
Rename policies to explain their function
Add AWS managed policy for changing own password
Context for reviewers
Testing instructions, background context, more in-depth details of the implementation, and anything else you'd like to call out or ask reviewers. Explain how the changes were verified.
I ran into issues trying to enable MFA for users in the wic-prp-eng user group, so this PR allows them to add/manage their own MFA devices.
In addition, I had been running into max character limit issues for the IAM policy and it turns out that inline policies have a lower max character limit. In addition, it's best practice to use customer managed policies instead of inline policies, so I switched our policy accordingly.
Testing
Screenshots, GIF demos, code examples or output to help show the changes working as expected. ProTip: you can drag and drop or paste images into this textbox.
Ticket
https://wicmtdp.atlassian.net/browse/PRP-205
Changes
wic-prp-enguser group to manage MFAContext for reviewers
I ran into issues trying to enable MFA for users in the
wic-prp-enguser group, so this PR allows them to add/manage their own MFA devices.In addition, I had been running into max character limit issues for the IAM policy and it turns out that inline policies have a lower max character limit. In addition, it's best practice to use customer managed policies instead of inline policies, so I switched our policy accordingly.
Testing
wic-prp-enggroup