An external auditor finds that a company’s user passwords have no minimum length. The company is currently using two identity providers:
- AWS IAM federated with on-premises Active Directory
- Amazon Cognito user pools to accessing an AWS Cloud application developed by the company
Which combination of actions should the security engineer take to solve this issue? (Choose two.)
A. Update the password length policy in the on-premises Active Directory configuration.
B. Update the password length policy in the IAM configuration.
C. Enforce an IAM policy in Amazon Cognito and AWS IAM with a minimum password length condition.
D. Update the password length policy in the Amazon Cognito configuration.
E. Create an SCP with AWS Organizations that enforces a minimum password length for AWS IAM and Amazon Cognito.