A company has a web application that reads from and writes to an Amazon S3 bucket. The company needs to authenticate all S3 API calls with AWS credentials.
Which solution will provide the application with AWS credentials?
A. Use Amazon Cognito identity pools and the GetId API.
B. Use Amazon Cognito identity pools and AssumeRoleWithWebIdentity.
Amazon Cognito identity pools provide temporary AWS credentials by exchanging web identity tokens with AWS STS using AssumeRoleWithWebIdentity. According to AWS Certified Security – Specialty documentation, this is the correct mechanism for granting applications AWS credentials.
User pools authenticate users but do not issue AWS credentials. Identity pools integrate with IAM roles and STS, enabling secure, temporary access to AWS services.
Referenced AWS Specialty Documents:
AWS Certified Security – Specialty Official Study Guide
Amazon Cognito Identity Pools
AWS STS Web Identity Federation