Which solution will meet these requirements?
Configure Amazon Cognito user pools for user authentication. Enable the risk-based adaptive authentication feature with multi-factor authentication (MFA).
Configure Amazon Cognito identity pools for user authentication. Enable multi-factor authentication (MFA).
Configure AWS Identity and Access Management (IAM) users for user authentication. Attach an IAM policy that allows the AllowManageOwnUserMFA action.
Configure AWS IAM Identity Center (AWS Single Sign-On) authentication for user authentication. Configure the permission sets to require multi-factor authentication (MFA).
Explanations:
Amazon Cognito user pools provide user authentication and can enable risk-based adaptive authentication, which triggers multi-factor authentication (MFA) based on user behavior such as geographical location, IP addresses, and device consistency. This meets the requirement for inconsistent logins and can scale to accommodate millions of users.
Amazon Cognito identity pools are primarily used for providing temporary AWS credentials to users and do not offer features like risk-based adaptive authentication. While MFA can be enabled, it does not fulfill the geographical inconsistency requirement as effectively as user pools.
AWS Identity and Access Management (IAM) users are typically used for managing AWS resources and not specifically for user authentication in web applications. IAM does not have built-in capabilities for risk-based adaptive authentication or the required scale for millions of users in user-facing applications.
AWS IAM Identity Center (AWS Single Sign-On) is designed for managing access to multiple AWS accounts and applications but does not natively support risk-based adaptive authentication. While MFA can be required, it does not address the specific needs of geographical and device variability effectively.