AWS Certified Database - Specialty: Authorizing Users for DynamoDB with Web Identity Federation | [Your Website Name]


Question

A developer is implementing a mobile photo-sharing application.

The application uses a DynamoDB table to store user profile data.

The developer wishes to use web identity federation to allow users to authenticate using social networks like Facebook and Google.

What service can the developer use to authorize the application users and grant them access to the DynamoDB table?

Answers

Explanations


A. AWS Identity and Access Management (IAM)

B. AWS Security Token Service (STS)

C. AWS Directory Service

D. AWS Resource Access Manager

Answer: B.

Option A is incorrect because AWS IAM is used to create and manage AWS users and groups.

Option B is CORRECT because AWS Security Token Service can be used to provide temporary security credentials to applications using web identity federation.

The application can then use these credentials to access the AWS DynamoDB table on behalf of the application users.

Option C is incorrect because AWS Directory Service is a managed service offering Microsoft Active Directory capabilities to applications deployed on AWS.

Option D is incorrect because AWS Resource Access Manager is used to share AWS resources across multiple AWS accounts and within an organization.

Reference:

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WIF.html

The service that the developer can use to authorize the application users and grant them access to the DynamoDB table is AWS STS (Security Token Service).

AWS STS is a web service that enables you to request temporary, limited-privilege credentials for AWS services. STS allows you to use temporary credentials to access AWS resources, including DynamoDB tables, that you would otherwise not have access to. The credentials are valid for a limited period of time, usually between 15 minutes and 1 hour, and can be used to access AWS services via the AWS APIs or the AWS Management Console.

In this case, the developer can use web identity federation with AWS STS to allow users to authenticate using social networks like Facebook and Google. This allows users to sign in to the application using their social network account, and the application can then request temporary AWS credentials from STS on behalf of the user. These temporary credentials can then be used to access the DynamoDB table.
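The flow described above in working code, as an added example that is not part of the original question or its explanation. It shows the two IAM policies a developer would attach to the role that federated users assume (a trust policy limiting who may call sts:AssumeRoleWithWebIdentity, and a permissions policy that uses the dynamodb:LeadingKeys condition so each user can only reach items keyed by their own provider user id), plus the STS exchange the app performs and a helper for tracking credential expiry. The table ARN, role ARN, app id and the assumption that the table's partition key is the provider user id are all constructed for the example; boto3 is only imported inside the function that talks to AWS.

```python
"""Web identity federation -> STS temporary credentials -> DynamoDB.

Added example (not from the page). The role ARN, table ARN and app id below
are placeholders; the policies assume the table's partition key holds the
user's id as issued by the social identity provider.
"""
import datetime
import json
import os

# IAM policy variable that resolves to the signed-in user's id for each
# supported web identity provider (variable names as documented by AWS).
USER_ID_VARIABLE = {
    "graph.facebook.com": "${graph.facebook.com:id}",
    "accounts.google.com": "${accounts.google.com:sub}",
    "www.amazon.com": "${www.amazon.com:user_id}",
}

# Condition key that pins the token to this application at the provider.
AUDIENCE_KEY = {
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
    "www.amazon.com": "www.amazon.com:app_id",
}


def _check_provider(provider: str) -> None:
    if provider not in USER_ID_VARIABLE:
        raise ValueError(f"unsupported web identity provider: {provider}")


def build_trust_policy(provider: str, app_id: str) -> dict:
    """Trust policy for the role: only tokens that `provider` issued for this
    app may be exchanged for the role's credentials."""
    _check_provider(provider)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {AUDIENCE_KEY[provider]: app_id}},
        }],
    }


def build_access_policy(table_arn: str, provider: str) -> dict:
    """Permissions policy for the role: a federated user may only read or
    write items whose partition key equals their own provider user id.
    Assumes (constructed here) that the partition key is that user id;
    otherwise the LeadingKeys condition denies every request."""
    _check_provider(provider)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                       "dynamodb:UpdateItem", "dynamodb:Query"],
            "Resource": table_arn,
            "Condition": {"ForAllValues:StringEquals": {
                "dynamodb:LeadingKeys": [USER_ID_VARIABLE[provider]]}},
        }],
    }


def seconds_until_expiry(expiration: datetime.datetime,
                         now: datetime.datetime) -> int:
    """Remaining lifetime of the STS credentials; the app should refresh
    (re-run the token exchange) before this reaches 0."""
    return max(0, int((expiration - now).total_seconds()))


def dynamodb_client_for_user(role_arn: str, web_identity_token: str,
                             session_name: str, duration_seconds: int = 900):
    """Exchange the provider's token for temporary credentials and return a
    DynamoDB client that signs requests with them, plus their expiry time."""
    import boto3  # imported lazily so the policy helpers work without the SDK

    sts = boto3.client("sts")
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        WebIdentityToken=web_identity_token,
        DurationSeconds=duration_seconds,  # 900 s is the STS minimum
    )
    creds = resp["Credentials"]
    client = boto3.client(
        "dynamodb",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return client, creds["Expiration"]


if __name__ == "__main__":
    # Placeholder identifiers for the example.
    table_arn = "arn:aws:dynamodb:us-east-1:123456789012:table/UserProfiles"
    role_arn = "arn:aws:iam::123456789012:role/PhotoAppFederatedUser"
    print(json.dumps(build_trust_policy("graph.facebook.com", "<app-id>"), indent=2))
    print(json.dumps(build_access_policy(table_arn, "graph.facebook.com"), indent=2))
    token = os.environ.get("WEB_IDENTITY_TOKEN")  # token returned by the social sign-in
    if token:
        client, expiry = dynamodb_client_for_user(role_arn, token, "photo-app-user")
        now = datetime.datetime.now(datetime.timezone.utc)
        print("credentials valid for", seconds_until_expiry(expiry, now), "seconds")
```

The trust policy's audience condition is what stops a token issued to some other app at the same provider from being exchanged for this role; the LeadingKeys condition is what turns "temporary credentials for the table" into "temporary credentials for this user's own items".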

AWS IAM (Identity and Access Management) is a service that allows you to manage access to AWS services and resources, but it is not directly involved in authorizing users for access to DynamoDB. AWS Directory Service is a service that allows you to run Microsoft Active Directory in the AWS Cloud, and is not relevant to this use case. AWS Resource Access Manager is a service that allows you to share resources across AWS accounts, but it is not relevant to this use case either.