DVA-C02 · Question #599
A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only t
The correct answer is A. Use an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to. Amazon Cognito Identity Pool with Unauthenticated Role Cognito identity pools can generate temporary AWS credentials for both authenticated and unauthenticated users. For guest users, Cognito assigns an unauthenticated role with limited permissions, ensuring secure access to only
Question
A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources. Which solution will meet these requirements?
Options
- AUse an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to
- BSet up an IAM user that has permissions to the required resources. Hardcode the IAM credentials
- CGenerate temporary keys that are stored in AWS KMS. Use the temporary keys to access the
- DGenerate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use
How the community answered
(54 responses)- A78% (42)
- B11% (6)
- C7% (4)
- D4% (2)
Explanation
Amazon Cognito Identity Pool with Unauthenticated Role Cognito identity pools can generate temporary AWS credentials for both authenticated and unauthenticated users. For guest users, Cognito assigns an unauthenticated role with limited permissions, ensuring secure access to only their resources. This is the most secure and efficient solution for managing AWS credentials dynamically without hardcoding or storing them.
Community Discussion
No community discussion yet for this question.