Which combination of steps will meet these requirements?
(Choose two.)
Create an Amazon Cognito user pool. Configure the user pool to allow unauthenticated users. Exchange user tokens for temporary credentials that allow authenticated users to assume a role.
Create an Amazon Cognito identity pool. Configure the identity pool to allow unauthenticated users. Exchange unique identity for temporary credentials that allow all users to assume a role.
Create an Amazon CloudFront distribution. Configure the distribution to allow unauthenticated users. Exchange user tokens for temporary credentials that allow all users to assume a role.
Create a role for authenticated users that allows access to all content. Create a role for unauthenticated users that allows access to only the sample content.
Allow all users to access the sample content by default. Create a role for authenticated users that allows access to the other content.
Explanations:
Amazon Cognito user pools are used for managing authentication and not for tracking guest users. This doesn’t address the need to track guest users who eventually create an account.
Amazon Cognito identity pools allow both authenticated and unauthenticated users to be tracked and managed. This enables tracking of guest users and allows them to access the sample content.
Amazon CloudFront is not used for authentication or tracking users. It’s primarily for content delivery, not user management.
Creating separate roles for authenticated and unauthenticated users is a valid solution to manage access to sample content for guests and full content for authenticated users.
Allowing all users to access sample content by default doesn’t track or distinguish guest users and authenticated users, which is needed for the company’s requirements.
I map out that the answer is:
Create an Amazon Cognito identity pool. Configure the identity pool to allow unauthenticated users. Exchange unique identity for temporary credentials that allow all users to assume a role.