AWS Certified SysOps Administrator SOA-C01 – Question901

Developers are using IAM access keys to manage AWS resources using AWS CLI. Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days.
Which solution will accomplish this?

A.
Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days.
B. Configure AWS Trusted Advisor to identify and disable keys older than 90 days.
C. Set a password policy on the account with a 90-day expiration.
D. Use an AWS Config rule to identify noncompliant keys. Create a custom AWS Systems Manager Automation document for remediation.

Correct Answer: D