Which solution will meet these requirements?
Create Amazon Cognito user pools for external social identity providers. Configure IAM roles for the identity pools.
Program the sign-in page to create users’ IAM groups with the IAM roles attached to the groups.
Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS.
Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached IAM policy.
Explanations:
Amazon Cognito user pools provide a fully managed user directory that simplifies user registration, authentication, and management. It supports external social identity providers and minimizes operational overhead. IAM roles can be configured for identity pools, allowing users to access AWS resources securely. This solution effectively manages user identities without requiring significant ongoing management.
Programming the sign-in page to create users’ IAM groups and manage IAM roles requires significant management and operational overhead. It also doesn’t provide a secure and scalable way to handle user registration and authentication compared to using Amazon Cognito, which is designed for this purpose.
Using Amazon RDS for SQL Server requires significant management of the database, including user account management, scaling, and security updates. This increases operational overhead and complexity compared to a serverless solution like Amazon Cognito, which abstracts much of this management.
While storing user data in an Amazon DynamoDB table is possible, managing user registration and password security requires implementing custom logic for authentication and password management, which increases complexity and operational overhead. It lacks the built-in features of user management and security provided by Amazon Cognito.
I surmise that the answer is:
Create Amazon Cognito user pools for external social identity providers. Configure IAM roles for the identity pools.