How can these requirements be met?
Use an Amazon Cognito user pool with SAML as the resource server.
Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers.
Use the AWS IAM service to provide the sign-up and sign-in functionality.
Use Amazon CloudFront signed URLs to connect with the SAML identity provider.
Explanations:
Amazon Cognito user pools are used for user sign-up and sign-in, but they do not directly support SAML as a resource server. A resource server is for API scopes, not for authentication.
Amazon Cognito identity pools allow you to integrate a SAML identity provider for authentication. Once the user is authenticated, Cognito provides temporary AWS credentials, enabling access to other AWS services like S3 and DynamoDB.
AWS IAM does not provide user sign-up and sign-in functionality. It is used for managing permissions, not for authenticating users through third-party identity providers such as SAML providers.
Amazon CloudFront signed URLs are used for secure access to CloudFront-distributed content, not for authenticating users through a SAML identity provider for general API access.