Which solution meets these requirements?
Enable AWS IAM Identity Center (AWS Single Sign-On) between AWS and the on-premises LDAP.
Create an IAM policy that uses AWS credentials, and integrate the policy into LDAP.
Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
Develop an on-premises custom identity broker application or process that uses AWS Security Token Service (AWS STS) to get short-lived credentials.
Explanations:
AWS IAM Identity Center (AWS SSO) can use only three identity sources: its own built-in directory, Microsoft Active Directory (through AWS Directory Service or AD Connector), or an external identity provider that speaks SAML 2.0. A generic on-premises LDAP directory is none of these, and the scenario states it is not SAML-compatible, so this option cannot be made to work.
Creating an IAM policy "that uses AWS credentials" and integrating it into LDAP does not address the authentication problem. An IAM policy is an authorization document attached to IAM principals; it performs no authentication and cannot be loaded into an LDAP directory. Users would still have no way to sign in to the AWS Management Console with their directory credentials.
Rotating IAM credentials whenever LDAP credentials change still requires a long-lived IAM user for every directory user and merely keeps two credential stores in sync. It does not let users authenticate against LDAP, and it does not give them a sign-in path to the AWS Management Console.
Developing a custom identity broker is the documented pattern for directories that speak neither SAML nor OIDC. The broker validates the user's credentials against the on-premises LDAP, maps the user (typically by LDAP group) to an IAM role, calls AWS Security Token Service (AWS STS) AssumeRole or GetFederationToken for short-lived credentials, exchanges those credentials for a sign-in token at the AWS federation endpoint, and redirects the user's browser to the resulting console URL. Only the broker holds long-lived AWS credentials, and those need nothing more than sts:AssumeRole on the target role, so the requirement is met without creating IAM users.
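The broker flow described above, written out as an added example (not code from the question, from AWS, or from any vendor). The federation endpoint, its getSigninToken and login actions, and the Session document fields are the real documented interface; the role ARN, issuer URL, DN template and the names ldap_simple_bind, sts_assume_role and broker_console_url are assumptions made for this illustration. The LDAP check, STS call and HTTP fetch are passed in as callables so the flow can be exercised offline with stand-ins; the production adapters at the bottom assume ldap3 and boto3 are installed.

```python
"""Minimal custom identity broker: LDAP credentials in, AWS console sign-in URL out.

Added example for this page, not AWS's or the question author's code. Flow:
  1. simple bind against the corporate LDAP with the user's own password,
  2. AWS STS AssumeRole for short-lived credentials (broker host needs only sts:AssumeRole),
  3. exchange them for a SigninToken at the federation endpoint,
  4. hand the user a login URL for the console.
"""
import json
import re
import urllib.parse
import urllib.request

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
CONSOLE_URL = "https://console.aws.amazon.com/"

# Directory usernames are allow-listed before they are ever placed in a DN or a
# RoleSessionName; anything else is rejected outright rather than escaped.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def session_name_for(username):
    """RoleSessionName must be 2-64 chars from [\\w+=,.@-]; it shows up in CloudTrail,
    so carrying the directory username here is what makes console activity attributable."""
    name = re.sub(r"[^\w+=,.@-]", "_", username)[:64]
    return name if len(name) >= 2 else "u_" + name


def build_session_json(creds):
    """Pack STS temporary credentials into the federation endpoint's Session document.
    All three fields are required; the SessionToken marks them as temporary."""
    return json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })


def build_get_signin_token_url(session_json):
    """Action=getSigninToken; the Session JSON must be URL-encoded."""
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(
        {"Action": "getSigninToken", "Session": session_json})


def build_console_login_url(signin_token, issuer, destination=CONSOLE_URL):
    """The URL the user's browser opens. Issuer is where the console sends the user
    when the session expires, i.e. back to the broker."""
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode({
        "Action": "login",
        "Issuer": issuer,
        "Destination": destination,
        "SigninToken": signin_token,
    })


def broker_console_url(username, password, role_arn, issuer,
                       ldap_authenticate, assume_role, fetch_json):
    """Full broker flow. Raises PermissionError before any AWS call if the directory
    rejects the user, so unauthenticated requests never touch STS."""
    if not USERNAME_RE.fullmatch(username) or not ldap_authenticate(username, password):
        raise PermissionError("directory authentication failed for %r" % username)
    creds = assume_role(role_arn, session_name_for(username))
    token_doc = fetch_json(build_get_signin_token_url(build_session_json(creds)))
    return build_console_login_url(token_doc["SigninToken"], issuer)


# --- production adapters (assumed libraries; not exercised offline) -----------------

def ldap_simple_bind(server_uri, bind_dn_template):
    """Return an authenticator that binds as the user over LDAPS with ldap3 (assumption).
    bind_dn_template is e.g. "uid={},ou=people,dc=example,dc=com"; the username has
    already passed USERNAME_RE, so it cannot inject DN components."""
    def authenticate(username, password):
        from ldap3 import Connection, Server  # assumption: ldap3 installed
        conn = Connection(Server(server_uri, use_ssl=True),
                          user=bind_dn_template.format(username), password=password)
        ok = conn.bind()
        conn.unbind()
        return ok
    return authenticate


def sts_assume_role(role_arn, session_name, duration_seconds=3600):
    """AssumeRole with boto3 (assumption) using the broker host's own credentials.
    The role's trust policy should name only the broker's principal."""
    import boto3  # assumption: boto3 installed and host credentials configured
    sts = boto3.client("sts")
    return sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                           DurationSeconds=duration_seconds)["Credentials"]


def http_get_json(url):
    """GET the federation endpoint and decode {"SigninToken": "..."}."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.loads(resp.read().decode())
```

In production the three callables are `ldap_simple_bind(...)`, `sts_assume_role` and `http_get_json`; mapping from LDAP group to role ARN, TLS termination and session cookie handling on the broker are left out here. The sign-in URL itself carries the SigninToken, so it must only ever be delivered to the authenticated user over HTTPS and never logged.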