fix: Allow Change Password when no MFA present (#340)

0x46616c6b · web-flow · commit 0c1cfaaaa2a4 · 2023-02-15T16:19:01.000+01:00
diff --git a/modules/iam-group-with-policies/policies.tf b/modules/iam-group-with-policies/policies.tf
@@ -134,6 +134,7 @@ data "aws_iam_policy_document" "iam_self_management" {
     effect = "Deny"
 
     not_actions = [
+      "iam:ChangePassword",
       "iam:CreateVirtualMFADevice",
       "iam:EnableMFADevice",
       "iam:GetUser",
