Allow an IAM AWS user to manage other AWS IAM user's access/secret keys

manage_access_and_secret_keys_in_iam.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:ListUsers",
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "iam:GetAccessKeyLastUsed",
                "iam:ListAccessKeys",
                "iam:UpdateAccessKey"
            ],
            "Resource": "arn:aws:iam::*:user/*"
        }
    ]
}

Remember--as with any IAM policy--run it through the simulator and then your own set of tests to make sure it does what you want and only what you want.