Which solution will meet this requirement?
Configure Amazon Cognito to detect any compromised IAM credentials.
Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B finding.
Explanations:
Amazon Cognito is used primarily for user authentication in applications and does not directly monitor AWS Management Console logins or IAM credentials for unauthorized access across geographic locations.
Amazon Inspector is a security assessment service focusing on identifying vulnerabilities in applications and resources. It does not monitor AWS Management Console logins or unauthorized access events.
AWS Config can track configuration changes and compliance but does not directly monitor login events or unauthorized access across regions. The iam-policy-blacklisted-check rule specifically checks for disallowed IAM policies rather than login activities.
Amazon GuardDuty monitors for unauthorized access and suspicious activities, including unauthorized console logins from unusual geographic locations through findings such as UnauthorizedAccess/ConsoleLoginSuccess.B.