UPD: Updated ManageOwnCredentials policy

modules/security_identity_compliance/iam-user/main.tf

@@ -37,7 +37,7 @@ data "aws_iam_policy_document" "user-policy" {
       "iam:ChangePassword",
       "iam:CreateAccessKey",
       "iam:DeleteAccessKey",
-      "iam:ListAccessKey",
+      "iam:ListAccessKeys",
       "iam:CreateVirtualMFADevice",
       "iam:EnableMFADevice",
       "iam:ListMFA*",
@@ -46,7 +46,14 @@ data "aws_iam_policy_document" "user-policy" {
     ]
 
     effect    = "Allow"
-    resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"]
+    resources = ["arn:aws:iam::*:user/$${aws:username}"]
+  }
+
+  statement {
+    sid       = "GetPasswordPolicy"
+    actions   = ["iam:GetAccountPasswordPolicy"]
+    effect    = "Allow"
+    resources = ["*"]
   }
 }
 
@@ -73,7 +80,7 @@ resource "aws_iam_user_login_profile" "iam-user-profile-pgp" {
   pgp_key = var.pgp-key
 }
 
-resource random_id secrets-random-id {
+resource "random_id" "secrets-random-id" {
   byte_length = 2
 }
 resource "aws_secretsmanager_secret" "secretmanager" {