A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords. What should the solutions architect do to accomplish this?
A.
Set an overall password policy for the entire AWS account
B.
Set a password policy for each IAM user in the AWS account.
C.
Use third-party vendor software to set password requirements.
D.
Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
A
Ref:
You can set a custom password policy on your AWS account to specify complexity requirements and mandatory rotation periods for your IAM users' passwords. If you don't set a custom password policy, IAM user passwords must meet the default AWS password policy. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
A is ok, but i have a question...it says for ne users...so if we set overall password policy for entire account, it will be applicable to all users....what about only new users clause?
Rules for setting a password policy
The IAM password policy does not apply to the AWS account root user password or IAM user access keys. If a password expires, the IAM user can't sign in to the AWS Management Console but can continue to use their access keys.
When you create or change a password policy, most of the password policy settings are enforced the next time your users change their passwords. However, some of the settings are enforced immediately. For example:
When the minimum length and character type requirements change, these settings are enforced the next time that your users change their passwords. Users are not forced to change their existing passwords, even if the existing passwords do not adhere to the updated password policy.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Suresh108
Highly Voted 3 years, 7 months agoStud
Highly Voted 3 years, 7 months agosomeoneSays
3 years, 7 months agofmkrm
3 years, 7 months agowelly50704
3 years, 7 months agoqueen101
Most Recent 2 years, 9 months agomarklovesaws143
2 years, 10 months agoachrafsky
3 years agoAlfadly
3 years, 4 months agoAkbar_aws
3 years, 7 months agoKK_uniq
3 years, 7 months agosyu31svc
3 years, 7 months agotheEngineer
3 years, 8 months agoAlileva
3 years, 8 months agoSallywhite
3 years, 8 months agowaqas
3 years, 8 months ago