Closed Lyneals closed 8 months ago
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
The iam:ChangePassword permission has been removed from the explicit deny allowed list in commit https://github.com/terraform-aws-modules/terraform-aws-iam/commit/eb5b21840bdb1e5549c24200920250692844bcee
This used to be implemented since https://github.com/terraform-aws-modules/terraform-aws-iam/commit/b9f3409fb696abee186b5b914e87ef7a783492a0
User first login with password reset required is now blocked, as the DenyAllExceptListedIfNoMFA statement denies iam:ChangePassword and the user cannot set up an MFA before changing passwords.
Versions
Module version [Required]:
Terraform version:
Reproduction Code [Required]
Steps to reproduce the behavior:
Execute the code above and try to log in to the AWS Console with the created user
Expected behavior
User allowed to reset his password while MFA is not active
Actual behavior
User is stuck at the change password page
Terminal Output Screenshot(s)
N/A
Additional context
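One way to check a policy document for the lockout described in this issue before it is applied, as an added example that is not the module's code or the reporter's. The sample policy is constructed (only the Sid comes from the issue, and its NotAction list is an assumption), the function names are hypothetical, and the check ignores Resource and any other condition keys.

```python
import copy
import fnmatch

# Constructed sample policy. Only the Sid comes from the issue; the NotAction
# list is an assumption for illustration, not the module's actual list.
SAMPLE_POLICY = {
    "Statement": [{
        "Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny", "Resource": "*",
        "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                      "iam:ListMFADevices", "iam:GetUser", "sts:GetSessionToken"],
        "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _applies_without_mfa(stmt):
    # True when the statement is conditioned on aws:MultiFactorAuthPresent being false.
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() in ("bool", "boolifexists"):
            for key, value in keys.items():
                if key.lower() == "aws:multifactorauthpresent":
                    return "false" in [str(v).lower() for v in _as_list(value)]
    return False

def denied_without_mfa(policy, action):
    """Sids of MFA-gated Deny statements that match `action` (Resource is ignored)."""
    hits = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Deny" or not _applies_without_mfa(stmt):
            continue
        listed = _matches(stmt.get("NotAction", stmt.get("Action", [])), action)
        # NotAction inverts the match: the Deny covers every action NOT listed.
        if listed != ("NotAction" in stmt):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits

def with_exempt_action(policy, sid, action):
    """Copy of `policy` with `action` added to the NotAction list of statement `sid`."""
    fixed = copy.deepcopy(policy)
    for stmt in _as_list(fixed["Statement"]):
        if stmt.get("Sid") == sid and "NotAction" in stmt:
            stmt["NotAction"] = _as_list(stmt["NotAction"]) + [action]
    return fixed
```

Running `denied_without_mfa` against the rendered policy in CI for `iam:ChangePassword` flags the first-login lockout while still confirming that unrelated actions remain denied without MFA.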