IAM users need passwords in order to access the AWS Management Console. (They do not needpasswords if they will access AWS resources programmatically by using the CLI, AWS SDKs, or theAPIs.)
You can use a password policy to do these things:
Set a minimum password length.
Require specific character types, including uppercase letters, lowercase letters, numbers, and non alphanumericcharacters.
Be sure to remind your users that passwords are case sensitive.
Allow all IAM users to change their own passwords.
Require IAM users to change their password after a specified period of time (enable passwordexpiration). Prevent IAM users from reusing previous passwords.
Force IAM users to contact an account administrator when the user has allowed his or her passwordto expire.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html