AWS MFA Authentication for Application Security

Secure User Authentication with AWS MFA


Question

An application needs to use authentication in AWS.

Users need to have MFA enabled when trying to log into the application.

Which of the following can be used for this purpose?

Answers

Explanations



Answer - C.

This is mentioned in the AWS Documentation.

Adding Multi-Factor Authentication (MFA) to a User Pool.

Multi-factor authentication (MFA) increases security for your app by adding another authentication method and not relying solely on user name and password.

You can choose to use SMS text messages or time-based one-time passwords (TOTP) as second factors when your users sign in.

With adaptive authentication, you can configure your user pool to require second-factor authentication in response to an increased risk level.

To add adaptive authentication to your user pool, see Adding Advanced Security to a User Pool.

Options A and B are incorrect because using IAM users or groups to grant access to a mobile application is not the right approach; IAM principals are for administering AWS resources, not for end users of an application.

Option D is incorrect since SAML is used for federated access.

For more information on Cognito with MFA, please refer to the URL below:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

The correct answer is C. Use AWS Cognito with MFA.

Explanation: AWS Cognito is a managed service that provides user sign-up, sign-in, and access control. It supports different authentication mechanisms, including social identity providers, such as Facebook, Google, and Amazon, as well as enterprise identity providers, such as Microsoft Active Directory, and it also offers built-in MFA (Multi-Factor Authentication) support.

To use AWS Cognito with MFA, you can create a user pool in AWS Cognito and configure the MFA settings for the user pool. Then, you can create user accounts in the user pool and require MFA for user authentication. Users can enable MFA in their user accounts by setting up MFA devices, such as a smartphone app or a hardware token.
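The step "configure the MFA settings for the user pool" maps to the cognito-idp SetUserPoolMfaConfig call, and the matching defender's check is GetUserPoolMfaConfig. The following is an added example, not code from this page or from AWS, that builds the configuration with MFA set to ON (required for every user) rather than OPTIONAL, applies it through boto3, and audits a fetched configuration. The user pool id and the SNS caller role ARN are placeholders; the field names are those of the real boto3 API.

```python
from typing import Any, Dict, Optional

# Placeholder pool id in the real format (region_suffix); not a real pool.
USER_POOL_ID = "us-east-1_EXAMPLE"


def build_mfa_config(user_pool_id: str, allow_sms: bool = False,
                     sms_role_arn: Optional[str] = None) -> Dict[str, Any]:
    """Build the keyword arguments for cognito-idp SetUserPoolMfaConfig.

    MfaConfiguration='ON' makes the second factor mandatory; 'OPTIONAL' only lets users
    who chose to enrol a device use it, which does not satisfy 'users need to have MFA enabled'.
    """
    params: Dict[str, Any] = {
        "UserPoolId": user_pool_id,
        "MfaConfiguration": "ON",
        "SoftwareTokenMfaConfiguration": {"Enabled": True},  # TOTP authenticator apps
    }
    if allow_sms:
        # SMS delivery needs an IAM role that Cognito may assume to publish through SNS.
        if not sms_role_arn:
            raise ValueError("SMS MFA requires an SNS caller role ARN")
        params["SmsMfaConfiguration"] = {
            "SmsAuthenticationMessage": "Your verification code is {####}",
            "SmsConfiguration": {"SnsCallerArn": sms_role_arn},
        }
    return params


def apply_mfa_config(user_pool_id: str, **kwargs: Any) -> Dict[str, Any]:
    """Apply the configuration to a live pool (needs AWS credentials and the boto3 SDK)."""
    import boto3  # imported here so the pure helpers above run without the SDK installed
    client = boto3.client("cognito-idp")
    return client.set_user_pool_mfa_config(**build_mfa_config(user_pool_id, **kwargs))


def mfa_enforced(mfa_config: Dict[str, Any]) -> bool:
    """Audit check over a GetUserPoolMfaConfig response: MFA required and at least one factor usable."""
    if mfa_config.get("MfaConfiguration") != "ON":
        return False
    totp_on = bool(mfa_config.get("SoftwareTokenMfaConfiguration", {}).get("Enabled", False))
    sms_on = "SmsConfiguration" in mfa_config.get("SmsMfaConfiguration", {})
    return totp_on or sms_on


def audit_pool(user_pool_id: str) -> bool:
    """Fetch the live setting and report whether it enforces MFA (needs AWS credentials)."""
    import boto3
    client = boto3.client("cognito-idp")
    return mfa_enforced(client.get_user_pool_mfa_config(UserPoolId=user_pool_id))


if __name__ == "__main__":
    print(build_mfa_config(USER_POOL_ID))
```

Prefer the TOTP factor alone unless SMS is genuinely needed: SMS codes are exposed to SIM-swap and interception, and enabling them also requires granting Cognito an SNS publishing role. Running `mfa_enforced` over every pool in an account is a cheap periodic check that nobody has quietly dropped the setting back to OPTIONAL.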

Option A, creating an IAM user with public access, is not recommended since granting public access to IAM users can lead to security vulnerabilities.

Option B, creating an IAM group with public access, is also not recommended for the same reasons as option A.

Option D, using AWS STS with SAML, is not directly related to MFA authentication. AWS STS (Security Token Service) is a service that enables you to request temporary security credentials that can be used to access AWS resources. SAML (Security Assertion Markup Language) is an XML-based protocol that enables authentication and authorization between two parties, such as an identity provider (IdP) and a service provider (SP). While SAML can be used for authentication, it is not specifically designed for MFA authentication.

In summary, AWS Cognito is the best option for providing MFA authentication for an application running on AWS.