A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWS resources while preserving access to the on- premises resources. What should the solutions architect do to meet these requirements?
ACreate an IAM user for each user in the company. Attach the appropriate policies to each user.
BUse Amazon Cognito with an Active Directory user pool. Create roles with the appropriate policies attached.
CDefine cross-account roles with the appropriate policies attached. Map the roles to the Active Directory groups.
DConfigure Security Assertion Markup Language (SAML) 2 0-based federation. Create roles with the appropriate policies attached Map the roles to the Active Directory groups.