What should the solutions architect do to accomplish this?
Set an overall password policy for the entire AWS account.
Set a password policy for each IAM user in the AWS account.
Use third-party vendor software to set password requirements.
Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
Explanations:
Setting an overall password policy for the entire AWS account allows the solutions architect to define complexity requirements and mandatory rotation periods that apply to all IAM users within the account, ensuring consistent security standards.
IAM password policies cannot be set for individual users. They can only be applied at the account level, meaning this option does not fulfill the requirement of enforcing password policies for all new users effectively.
While third-party vendor software can be used to manage passwords, it does not integrate directly with AWS IAM to enforce password policies. Therefore, it does not provide a native solution to meet AWS password requirements.
Attaching an Amazon CloudWatch rule to the Create_newuser event would require additional custom development to set password requirements, which is not a standard or efficient approach to managing IAM user password policies within AWS.