Q91 — AWS SAA-C03 Ch.4
Question 91 of 105 | ← Chapter 4
Q286. A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.What should the solutions architect do to accomplish this?
- A. Set an overall password policy for the entire AWS account ✓
- B. Set a password policy for each IAM user in the AWS account.
- C. Use third-party vendor software to set password requirements,
- D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
Correct Answer: A. Set an overall password policy for the entire AWS account
Explanation
Rules for setting a password policyThe IAM password policy does not apply to the AWS account root user password or IAM user access keys. If a password expires, the IAM user can't sign in to the AWS Management Console but can continue to use their access keys.When you create or change a password policy, most of the password policy settings are enforced the next time your users change their passwords. However, some of the settings are enforced immediately. For example:When the minimum length and character type requirements change, these settings are enforced the next time that your users change their passwords. Users are not forced to change their existing passwords, even if the existing passwords do not adhere to the updated password policy.https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html