AWS Certified Solutions Architect – Associate (SAA-C02) — Question 289

A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords. What should the solutions architect do to accomplish this?

Answer options

• A. Set an overall password policy for the entire AWS account
• B. Set a password policy for each IAM user in the AWS account.
• C. Use third-party vendor software to set password requirements.
• D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

Correct answer: A

Explanation

Setting an account-wide password policy in AWS IAM allows administrators to define complexity rules and expiration periods that automatically apply to all IAM users in the account. Configuring policies individually per user is not scalable or natively supported in this manner, and using third-party software or CloudWatch rules adds unnecessary complexity for a feature natively supported by IAM.