Strengthen IAM password policy and restrict Operations group permissions in AWS IAM. Simulation Details: Beacon Payments is a mid-sized fintech that builds and operates cloud-based payment processing, digital wallets, and account-management portals for consumers and small businesses across the EU and the UK. Because Beacon processes sensitive financial and personal data under PSD2 and EBA guidance, its AWS IAM posture is under continuous scrutiny. A recent external audit renewed focus on two account-level issues that live inside a single, version-controlled IAM configuration file: a weak account password policy and an Operations IAM group whose permissions are broader than necessary. You are the Cloud Architect responsible for translating audit findings into defensible, practical changes in the single IAM configuration file that governs the EU-Prod and UK-Prod accounts. You will work one-on-one with Erik Lund, the Head of IT Security, using real-time chat or voice to clarify risk tolerance, regulatory expectations, and the operational needs of the Operations team. Erik explains what auditors expect; you ask focused questions, agree on measurable goals, and then encode those decisions directly into the shared YAML in the simulation’s single editor. You must agree a remediation goal with Erik by conversation, then edit the single IAM YAML so the account-level password policy is materially stronger and the Operations group no longer uses broad AdministratorAccess. Completing the simulation requires only one-on-one discussion with Erik and direct edits to the single collaborative IAM configuration file in the simulator’s editor.