A startup company that develops social media apps would like to grant freelance developers temporary access to its Lambda functions set up on AWS.
These developers would be signing in via Facebook authentication.
Which service is the most appropriate to grant secure access?
A. B. C. D.
Correct Answer - B.
Amazon Cognito web identity federation service acts as a broker that allows authenticated users to access AWS resources.
After successful authentication on platforms such as Facebook, LinkedIn, or Google Mail, users receive a temporary authentication code from Amazon Cognito and thereby gain temporary access.
https://aws.amazon.com/cognito/
Option A is INCORRECT.
The access required is temporary and not directly onto the AWS environment.
An Identity Access Management (IAM) user will be granted access directly using AWS-specified credentials.
Option C is INCORRECT.
The IAM user credentials will not authenticate on Facebook.
They are confined to logging onto the AWS environment.
Option D is INCORRECT.
There is no need to take a third-party Web ID from federated access providers since Amazon has the Cognito service to perform that function.
The most appropriate service to grant secure access to the startup company's Lambda functions for freelance developers signing in via Facebook authentication is Amazon Cognito for web-identity federation (Option B).
Explanation:
Amazon Cognito is a user authentication and authorization service that provides secure access to resources in the AWS Cloud. It supports web identity federation, which allows users to authenticate with third-party identity providers like Facebook, Google, and Amazon. With web identity federation, users can sign in using their existing social media accounts without having to create new credentials.
In this scenario, the startup company can use Amazon Cognito to create a user pool that integrates with Facebook authentication. This user pool can be used to grant temporary access to the company's Lambda functions to freelance developers who sign in via Facebook authentication. Amazon Cognito provides secure and scalable authentication and authorization, and it also provides features like multi-factor authentication, password resets, and email and SMS notifications.
Option A (Create user credentials using Identity Access Management (IAM)) would not be appropriate because IAM is used for creating and managing user identities and permissions within the AWS ecosystem, and not for integrating with third-party identity providers like Facebook.
Option C (Create temporary access roles using IAM) would also not be appropriate because IAM roles are used for granting permissions to AWS services and resources, and not for integrating with third-party identity providers like Facebook.
Option D (Use a third-party Web ID, federated access provider) would not be appropriate because it is not clear which provider to use, and it would add unnecessary complexity to the setup. Amazon Cognito provides an easy-to-use and secure solution for web identity federation, and it is a recommended approach for this scenario.