Ideal Implementation for Mobile-Based Application with AWS Resources | SOA-C02 Exam Answer

Guest User Access and Existing Credentials Integration with AWS | AWS Certified SysOps Administrator - Associate Exam | Amazon

Question

A team in your company wants to develop a mobile-based application that would use AWS resources.

The users should have the ability to log in with existing credentials like Facebook.

But there shall be the ability for guest user access as well.

Which of the following would be the ideal implementation for this?

Answers

Explanations


Correct Answer: C.

This is also mentioned in the AWS Documentation.

Options A and B are incorrect, since using IAM users or groups to give a mobile-based application access to AWS resources is not the right approach.

Option D is incorrect since SAML is used for federated access.

For more information on identity pools, please refer to the URL below:

https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html
Using Identity Pools (Federated Identities)

Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. An identity pool is a store of user identity data specific to your account.

To create a new identity pool in the console

1. Sign in to the Amazon Cognito console, choose Manage Federated Identities, and then choose Create new identity pool.

2. Type a name for your identity pool.

3. To enable unauthenticated identities, select Enable access to unauthenticated identities from the Unauthenticated identities collapsible section.

4. If desired, configure an authentication provider in the Authentication providers section.

The ideal implementation for developing a mobile-based application that supports logging in with existing credentials like Facebook while also allowing guest user access would be to use AWS Cognito with unauthenticated access enabled. Therefore, the correct answer is C.

Here's why:

AWS Cognito is a user authentication and management service that supports identity verification and allows users to sign up, sign in, and access AWS resources. It provides developers with easy-to-use SDKs and integration with popular third-party identity providers like Facebook, Google, and Amazon. Using AWS Cognito with unauthenticated access enabled would allow both authenticated and unauthenticated users to access the resources of the application.
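The console steps above and this explanation come down to one configuration: an identity pool with unauthenticated identities enabled, Facebook registered as a login provider, and a separate IAM role for guests whose trust policy is pinned to that pool. The following Python is an added example, not code from this page or from AWS. It builds the CreateIdentityPool parameters (shaped for boto3's cognito-identity client method create_identity_pool), the trust policy for the authenticated and unauthenticated roles, a least-privilege permissions policy for guests, and an audit that flags the two conditions a reviewer should check in a Cognito role trust policy. The identity pool id, the Facebook app id, the bucket name and the public/ prefix are assumed placeholders.

```python
import json

# Assumed/constructed values for this example (not values from the page):
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool id
FACEBOOK_APP_ID = "000000000000000"                                    # placeholder app id
COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"


def identity_pool_config(name, facebook_app_id, allow_guests=True):
    """Request parameters for cognito-identity CreateIdentityPool.

    allow_guests=True is the API equivalent of the console checkbox
    'Enable access to unauthenticated identities'.
    """
    return {
        "IdentityPoolName": name,
        "AllowUnauthenticatedIdentities": allow_guests,
        # Facebook login is registered under the graph.facebook.com provider key.
        "SupportedLoginProviders": {"graph.facebook.com": facebook_app_id},
    }


def role_trust_policy(identity_pool_id, authenticated):
    """Trust policy for the role Cognito hands to one class of identity.

    'aud' pins the role to this identity pool; 'amr' separates signed-in
    users from guests so each class gets its own role and permissions.
    """
    amr = "authenticated" if authenticated else "unauthenticated"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": COGNITO_PRINCIPAL},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{COGNITO_PRINCIPAL}:aud": identity_pool_id},
                "ForAnyValue:StringLike": {f"{COGNITO_PRINCIPAL}:amr": amr},
            },
        }],
    }


def guest_permissions_policy(bucket):
    """Least-privilege permissions for guests: read-only on one public prefix (assumed layout)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": f"arn:aws:s3:::{bucket}/public/*",
        }],
    }


def audit_trust_policy(policy, identity_pool_id):
    """Return findings for a Cognito role trust policy; an empty list means it passes."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal", {}).get("Federated") != COGNITO_PRINCIPAL:
            continue
        cond = stmt.get("Condition", {})
        aud = cond.get("StringEquals", {}).get(f"{COGNITO_PRINCIPAL}:aud")
        if aud != identity_pool_id:
            findings.append("missing/wrong aud condition: identities from any pool could assume this role")
        amr = cond.get("ForAnyValue:StringLike", {}).get(f"{COGNITO_PRINCIPAL}:amr")
        if amr is None:
            findings.append("missing amr condition: guests and signed-in users would share this role")
    return findings


if __name__ == "__main__":
    print(json.dumps(identity_pool_config("MobileAppPool", FACEBOOK_APP_ID), indent=2))
    guest_trust = role_trust_policy(IDENTITY_POOL_ID, authenticated=False)
    print(json.dumps(guest_trust, indent=2))
    print("guest role findings:", audit_trust_policy(guest_trust, IDENTITY_POOL_ID))
    # A deliberately weak trust policy for comparison: no Condition block at all.
    weak = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity"}]}
    print("weak role findings:", audit_trust_policy(weak, IDENTITY_POOL_ID))
```

The dict from identity_pool_config can be passed as keyword arguments to boto3's create_identity_pool; the trust policies go on the two roles you then attach to the pool with set_identity_pool_roles. The audit matters because a trust policy without the aud condition trusts every Cognito identity pool in existence, and one without the amr condition lets a guest assume the role meant for signed-in users.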

Option A - Create an IAM user with public access - This is not the best approach, as IAM users are intended for accessing AWS resources rather than for authenticating an application's end users. Moreover, granting public access to an IAM user poses a security risk and could expose the AWS resources to unauthorized access.

Option B - Create an IAM group with public access - This is not the best approach either as creating an IAM group with public access can cause similar security risks as granting public access to an IAM user.

Option D - Use AWS STS with SAML - AWS STS is a web service that provides temporary security credentials that can be used to access AWS resources. SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between parties. While AWS STS with SAML can be used for authentication, it requires a more complex implementation than AWS Cognito, which offers a simpler and more efficient approach for mobile-based applications.

In summary, the ideal implementation for developing a mobile-based application that supports both authenticated and unauthenticated access would be to use AWS Cognito with unauthenticated access enabled, as it offers a secure and easy-to-implement authentication and user management solution.