AWS Certified Security - Specialty (#9)

A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory. What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?

AWS IAM groups
AWS IAM users
AWS IAM roles
AWS IAM access keys