Merge pull request #3510 from sgibson91/docs/regenerate-smce-user-pas…

…swords

docs/howto/regenerate-smce-password.md

@@ -0,0 +1,15 @@
+(nasa-smce:regenerate-password)=
+# Regenerate a password for a user in a NASA SMCE account
+
+The AWS accounts associated with NASA's [Science Managed Cloud Environment](https://smce.nasa.gov)
+have a 60 day password expiry policy. If someone on the team misses this
+deadline, we can actually reset passwords for each other!
+
+1. Someone in the team with access logs into the AWS console of the appropriate project
+2. Follow [AWS's user guide on resetting passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html#id_credentials_passwords_admin-change-user_console)
+   for whoever's 60 day window has elpased
+3. In addition, a `AccountDisabled` IAM Group will be automatically added to the
+   user whenever their credentials expire, and this will show up as a "cannot
+   change password" error when the user logs in next. So the user should also be
+   removed from this group. You can do so from under the "Groups" tab in the
+   AWS console when looking at the details of this user.

docs/hub-deployment-guide/new-cluster/smce.md

@@ -64,3 +64,8 @@ We only receive **5 days notice** that a password/access key will expire via ema
 Also it is unclear who receives this email: all engineers or just the engineer who
 setup the cluster?
 ```
+
+```{note}
+See [](nasa-smce:regenerate-password) for how to reset an expired password for
+a _user_, e.g., a member of the engineering team.
+```

docs/index.md

@@ -75,6 +75,7 @@ howto/grafana-github-auth.md
 howto/update-env.md
 howto/upgrade-cluster/index.md
 howto/troubleshoot/index.md
+howto/regenerate-smce-password.md
 ```
 
 ## Topic guides