What should the solutions architect do to accomplish this?
Set an overall password policy for the entire AWS account.
Set a password policy for each IAM user in the AWS account.
Use third-party vendor software to set password requirements.
Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
Explanations:
Setting an overall password policy for the entire AWS account allows you to define password complexity requirements and mandatory rotation periods that apply to all IAM users within the account, ensuring consistent security standards.
IAM does not allow setting individual password policies for each IAM user; instead, it enforces a single password policy at the account level. Therefore, this option does not meet the requirement for uniformity in password complexity and rotation.
While third-party vendor software can provide additional security measures, AWS IAM provides built-in capabilities to manage password policies. Relying on external software complicates management and integration with AWS IAM.
Attaching a CloudWatch rule to the Create_newuser event would not enforce password complexity or rotation requirements effectively. CloudWatch rules can trigger actions but do not inherently manage password policies or enforce compliance within IAM.