Free Sample Artwork for Unauthenticated Users

Limited Subset of Artwork for Guest Users

Question

You have a paid service providing custom digital art that is hosted on AWS using S3. In order to promote your service, you wish to provide a limited sample of artwork to unauthenticated guest users for free. Which combination of steps will enable guest users to view your free subset of artwork? (Select TWO.)

Answers

Explanations

A. B. C. D.

Answer: B and D.

Option A is incorrect because unauthenticated guest access is a feature of Amazon Cognito Identity Pools instead of User Pools.

Option B is CORRECT because Amazon Cognito Identity Pools can be used to enable unauthenticated access to AWS resources.

Option C is incorrect because we do not want to grant public access to the AWS S3 bucket, as that is a security issue.

Option D is CORRECT because we need to configure the Unauthenticated Role in Amazon Cognito Identity Pool and map it to an IAM Role.
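
The setup described in options B and D, as an added example that is not part of the original page: it builds the trust policy that lets only guest identities from one identity pool assume the unauthenticated role, the permissions policy that limits that role to reading the free samples, and a check that flags a guest policy broader than that. The pool ID, bucket name, prefix and function names are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions), not values from the page.
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
BUCKET = "example-artwork-bucket"
SAMPLE_PREFIX = "free-samples/"

def unauth_trust_policy(pool_id):
    """Trust policy: only unauthenticated identities from this pool may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": pool_id},
            "ForAnyValue:StringLike": {
                "cognito-identity.amazonaws.com:amr": "unauthenticated"},
        },
    }]}

def unauth_permissions_policy(bucket, prefix):
    """Permissions policy: read-only access to objects under the sample prefix."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
    }]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def guest_policy_findings(policy, bucket, prefix):
    """List every Allow that goes beyond s3:GetObject on the sample prefix."""
    allowed = f"arn:aws:s3:::{bucket}/{prefix}*"
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        findings += [f"action {a}" for a in as_list(stmt["Action"])
                     if a != "s3:GetObject"]
        findings += [f"resource {r}" for r in as_list(stmt["Resource"])
                     if r != allowed]
    return findings

if __name__ == "__main__":
    print(json.dumps(unauth_trust_policy(IDENTITY_POOL_ID), indent=2))
    print(json.dumps(unauth_permissions_policy(BUCKET, SAMPLE_PREFIX), indent=2))
```

The bucket itself stays private with this setup; guests reach only the sample prefix through the temporary credentials the identity pool issues for the unauthenticated role.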

Reference:

https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html

To enable guest users to view a limited subset of artwork for free on AWS S3, two steps need to be taken:

  1. Enable Unauthenticated identities in Amazon Cognito User Pools or Amazon Cognito Identity Pools.
  2. Turn on public access in AWS S3 Bucket Permissions.

Explanation:

A. Enabling Unauthenticated identities in Amazon Cognito User Pools allows guest users to access AWS resources without providing any credentials. User pools are user directories that provide sign-up and sign-in options for your app users. With Cognito User Pools, you can create a pool of users that can access your app or website. When you enable Unauthenticated identities, your app or website can allow guest users to access a subset of your artwork stored in an S3 bucket.

B. Amazon Cognito Identity Pools provides temporary AWS credentials for users who are authenticated (signed in with their Amazon, Facebook, or Google account) or unauthenticated (guest users). With Identity Pools, you can give users access to AWS resources such as S3, without requiring them to have an AWS account. When you enable Unauthenticated identities, guest users can access a subset of your artwork stored in an S3 bucket.

C. Turning on public access in AWS S3 Bucket Permissions allows guest users to access your artwork without any authentication. When public access is turned on, anyone can access the objects in your bucket using a URL or the AWS SDKs. You can use an S3 bucket policy to grant public access to your artwork.

D. Assigning an IAM Role with appropriate S3 access permissions allows users to access S3 buckets only if they have been granted access by an IAM policy. This option is not suitable for enabling guest users to access your artwork because guest users do not have IAM credentials.

Therefore, the correct answers are A and C.