AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

What should the solutions architect do to accomplish this?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Set an overall password policy for the entire AWS account.

Set a password policy for each IAM user in the AWS account.

Use third-party vendor software to set password requirements.

Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

Explanation:

Explanation

The correct answer is A. Set an overall password policy for the entire AWS account.

Why this is correct:

AWS IAM Password Policy: AWS IAM allows you to set an account-wide password policy that applies to all IAM users. This policy can enforce:
- Minimum password length
- Password complexity requirements (uppercase, lowercase, numbers, special characters)
- Password expiration and rotation periods
- Password reuse restrictions
- Password change requirements
Automatic Application: Once set, this policy automatically applies to all new IAM users created in the account, ensuring that all new users will have the required password complexity and rotation periods.
AWS Best Practice: Setting an account-wide password policy is the AWS-recommended approach for enforcing consistent security requirements across all IAM users.

Why other options are incorrect:

B. Set a password policy for each IAM user in the AWS account.

This is inefficient and error-prone. You would need to manually configure password policies for each user individually, which doesn't scale well and could lead to inconsistencies.
AWS IAM doesn't support setting password policies on a per-user basis; password policies are account-wide.

C. Use third-party vendor software to set password requirements.

While third-party identity management solutions exist, this is unnecessary complexity when AWS provides native IAM password policy functionality.
This would add additional cost and management overhead without providing benefits over the native AWS solution.

D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

There is no "Create_newuser" event in CloudWatch Events that can be used to trigger password policy enforcement.
Password policies should be set proactively, not reactively through event-driven mechanisms.
This approach would not guarantee that password requirements are met at the time of user creation.

Key Takeaway:

AWS IAM password policies are account-wide settings that automatically enforce password requirements for all IAM users, making them the most efficient and reliable way to ensure consistent security standards across an organization.

Powered ByGPT-5.2

Comments

Loading comments...