AWS Certified Security - Specialty (#55)

A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old. Which of the following options should the Security Engineer use?

In the AWS Console, choose the IAM service and select “Users”. Review the “Access Key Age” column.
Define an IAM policy that denies access if the key age is more than three months and apply to all users.
Write a script that uses the GenerateCredentialReport, GetCredentialReport, and UpdateAccessKey APIs.
Create an Amazon CloudWatch alarm to detect aged access keys and use an AWS Lambda function to disable the keys older than 90 days.