AWS - IAM

 

 

 


IAM User: Change Password

In the navigation bar on the upper right, choose your user name, and then choose "My Security Credentials".

 

Allow all IAM users to change their password

IAM > Account settings > "Password policy" section

Tick "Allow users to change their own password" (not ticked by default)

Notes: remember to tick these as well

  • Require at least one uppercase letter from Latin alphabet (A-Z)
  • Require at least one lowercase letter from Latin alphabet (a-z)
  • Require at least one number

 

Allow only specific accounts to change their password

Create the users who should be allowed to change their own password

 *

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:GetAccountPasswordPolicy",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:ChangePassword",
      "Resource": "arn:aws:iam::account-id:user/${aws:username}"
    }
  ]
}

 


Start / stop an instance from a specific IP

 

ID <= the instance ID that may be rebooted

R.R.R.R <= the source IP the request comes from

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:ap-east-1:AWSID:instance/ID",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "R.R.R.R"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "R.R.R.R"
                }
            }
        }
    ]
}
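
Added example (not part of the original notes): a simplified Python model of how the policy above is evaluated. It shows that the three instance actions are allowed only on the named instance and only from the listed source IP, and that a request with no aws:SourceIp in its context (for example one arriving through a VPC endpoint) is not allowed. The account ID, instance ID and IP are constructed sample values; explicit Deny and other condition operators are not modelled.

```python
import fnmatch
import ipaddress

# Constructed sample values standing in for the placeholders in the notes:
# AWSID -> 111122223333, ID -> i-0abc1234567890def, R.R.R.R -> 203.0.113.10
INSTANCE = "arn:aws:ec2:ap-east-1:111122223333:instance/i-0abc1234567890def"
IP_ONLY = {"IpAddress": {"aws:SourceIp": "203.0.113.10"}}
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:RebootInstances", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": INSTANCE, "Condition": IP_ONLY},
        {"Effect": "Allow", "Action": "ec2:DescribeInstances",
         "Resource": "*", "Condition": IP_ONLY},
    ],
}

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def condition_ok(stmt, source_ip):
    cond = stmt.get("Condition")
    if not cond:
        return True
    if set(cond) != {"IpAddress"} or set(cond["IpAddress"]) != {"aws:SourceIp"}:
        return False  # outside this simplified model: fail closed
    if source_ip is None:
        return False  # key absent from the request context: condition does not match
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(cidr, strict=False)
               for cidr in as_list(cond["IpAddress"]["aws:SourceIp"]))

def is_allowed(policy, action, resource, source_ip):
    """True only if an Allow statement matches action, resource and condition."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in as_list(stmt["Resource"]))
        if action_hit and resource_hit and condition_ok(stmt, source_ip):
            return True
    return False  # nothing matched: implicit deny

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", None):
        print(ip, is_allowed(POLICY, "ec2:StopInstances", INSTANCE, ip))
```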

 
