Resolves #14 cannot change password without MFA device active (#15)

* Resolves #14 cannot change password without MFA device active * Update CHANGELOG.md As per request.
ace-teknologi · Aug 9, 2019 · 44cd2f0 · 44cd2f0
1 parent ccfe0ae
commit 44cd2f0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,11 @@
 # CHANGELOG
 
-## v0.1.1 (UNRELEASED)
+## v0.1.1 (2019-08-08)
 
-*   Resolves incorrect repo path in taggings.tf
+*   Resolves incorrect repo path in taggings.tf.
     (Ref: <https://github.com/ace-teknologi/terraform-iam/issues/12>)
+*   Resolves inability to change password without an MFA device activated.
+    (Ref: <https://github.com/ace-teknologi/terraform-iam/issues/14>)
 
 ## v0.1.0 (2019-08-05)
 

diff --git a/groups/main.tf b/groups/main.tf
@@ -248,16 +248,18 @@ data "aws_iam_policy_document" "self_management" {
     effect = "Deny"
 
     not_actions = [
+      "iam:ChangePassword",
       "iam:CreateVirtualMFADevice",
       "iam:CreateLoginProfile",
       "iam:DeleteVirtualMFADevice",
       "iam:EnableMFADevice",
-      "sts:GetSessionToken",
+      "iam:GetAccountPasswordPolicy",
       "iam:GetUser",
       "iam:ListMFADevices",
       "iam:ListUsers",
       "iam:ListVirtualMFADevices",
       "iam:ResyncMFADevice",
+      "sts:GetSessionToken",
     ]
 
     resources = ["*"]