AWS Certified Solutions Architect – Associate (SAA-C03) — Question 360

A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

What should the solutions architect do to accomplish this?

Answer options

• A. Set an overall password policy for the entire AWS account.
• B. Set a password policy for each IAM user in the AWS account.
• C. Use third-party vendor software to set password requirements.
• D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

Correct answer: A

Explanation

AWS Identity and Access Management (IAM) allows administrators to define an account-wide password policy that automatically enforces complexity constraints and expiration periods for all IAM users. It is not possible to define password policies on a per-user basis, making individual configuration incorrect. Utilizing third-party software or complex Amazon CloudWatch event flows is unnecessary because IAM natively supports account-level password policies.