3 Answers
The course mentioned that you can create a user without permissions; however, the user that you create will have no permissions whatsoever
All users start with no permissions in AWS. Permissions must be granted for access. For a good overview, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
It looks like creating a user without specifying any permissions now implicitly includes the ‘IAMUserChangePassword’ managed policy. This will allow the user to change their password upon initial login, but will not grant access to any AWS resources.