Changes the password of the IAM user who is calling this operation. This operation can be performed using the CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services Management Console. The Amazon Web Services account root user password is not affected by this operation.

Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide .

See also: AWS API Documentation

Request Syntax

response = client.change_password(
  • OldPassword (string) --


    The IAM user's current password.

  • NewPassword (string) --


    The new password. The new password must conform to the Amazon Web Services account's password policy, if one exists.

    The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space ( \u0020 ) through the end of the ASCII character range ( \u00FF ). You can also include the tab ( \u0009 ), line feed ( \u000A ), and carriage return ( \u000D ) characters. Any of these characters are valid in a password. However, many tools, such as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.




  • IAM.Client.exceptions.NoSuchEntityException
  • IAM.Client.exceptions.InvalidUserTypeException
  • IAM.Client.exceptions.LimitExceededException
  • IAM.Client.exceptions.EntityTemporarilyUnmodifiableException
  • IAM.Client.exceptions.PasswordPolicyViolationException
  • IAM.Client.exceptions.ServiceFailureException


The following command changes the password for the current IAM user.

response = client.change_password(


Expected Output:

    'ResponseMetadata': {
        '...': '...',