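IAM policy to allow users to change their passwords and manage their own account

Note: replace AWS_ACCOUNT with your 12-digit AWS account ID. The wildcard actions `iam:*LoginProfile`, `iam:*AccessKey*` and `iam:*SSHPublicKey*` also match the create, update and delete operations; the `${aws:username}` resource limits them to the caller's own user. Account-level actions such as `iam:GetAccountSummary` and `iam:GetAccountPasswordPolicy` do not support resource-level permissions, so confirm (for example with the IAM policy simulator) that the second statement takes effect with a `user/*` resource; these actions normally require `"Resource": "*"`.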

February 6, 2018 - 1 minute

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:*LoginProfile",
                "iam:*AccessKey*",
                "iam:ListServiceSpecificCredentials",
                "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies",
                "iam:ListUserPolicies",
                "iam:*SSHPublicKey*",
                "iam:ChangePassword"
            ],
            "Resource": "arn:aws:iam::AWS_ACCOUNT:user/${aws:username}"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:ListAccount*",
                "iam:GetAccountSummary",
                "iam:GetAccountPasswordPolicy",
                "iam:ListUsers"
            ],
            "Resource": "arn:aws:iam::AWS_ACCOUNT:user/*"
        }
    ]
}