AWS User Authentication for Mobile Application Access | DOP-C01 Exam Question

AWS User Authentication for Mobile Application Access


Question

Your development team is developing a mobile application that accesses resources in AWS.

The users accessing this application will be logging in via Facebook and Google.

Which of the following AWS mechanisms would you use to authenticate users for the application that needs to access AWS resources?

Answers

Explanations


A. B. C. D.

Answer - C.

The AWS documentation mentions the following.

You can directly configure individual identity providers to access AWS resources using web identity federation.

AWS currently supports authenticating users using web identity federation through several identity providers:

  • Login with Amazon

  • Facebook Login

  • Google Sign-in

For more information on web identity federation, please visit the URL below:

http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-browser-credentials-federated-id.html

The correct answer is C. Use Web identity federation to authenticate the users.

Explanation: When developing a mobile application that accesses AWS resources, it is important to authenticate users in a secure and efficient way. In this scenario, the users will be logging in via Facebook and Google, and we want to authenticate them to access AWS resources.

Option A suggests using separate IAM users for each Facebook and Google user. However, this is not a scalable solution since it would require creating and managing an IAM user for each user in the mobile application. This would result in administrative overhead and can lead to security risks.

Option B suggests using separate IAM roles for each Facebook and Google user. However, this solution is also not ideal since it would require creating and managing an IAM role for each user in the mobile application. This can also lead to administrative overhead and security risks.

Option D suggests using AWS policies to authenticate users. However, AWS policies are used to control access to AWS resources for authenticated users or resources, not for authentication itself.

The best solution is Option C, using Web identity federation to authenticate users. Web identity federation is a mechanism provided by AWS that allows users to access AWS resources by using an identity provider (in this case Facebook and Google). It allows users to sign in to your app using their existing Facebook or Google account, and then assume an IAM role that grants access to the necessary AWS resources.

This approach provides several benefits such as:

  • Reduced administrative overhead: Since users are not managed within AWS, there is no need to create and manage IAM users or roles for each user.

  • Increased security: Web identity federation uses temporary security credentials that are valid for a short period of time, minimizing the risk of credential compromise.

  • Scalability: Since there is no need to create and manage IAM users or roles for each user, this approach can scale to support a large number of users.

In summary, Web identity federation is the best solution for authenticating users accessing a mobile application that accesses AWS resources when users are logging in via Facebook and Google.
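The IAM role that federated users assume, as described above, is gated by its trust policy, which should pin each provider to your own app. The following is an added example, not code from the original page or from AWS: it checks a constructed trust policy for Facebook and Google statements that allow `sts:AssumeRoleWithWebIdentity` without an app ID or audience condition. The function names, the sample policy and the placeholder app IDs are assumptions for illustration.

```python
import json

# Condition key that ties a web identity token to one specific app.
AUDIENCE_KEY = {
    "accounts.google.com": "accounts.google.com:aud",
    "graph.facebook.com": "graph.facebook.com:app_id",
}

# Constructed sample trust policy; the client ID is a placeholder.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Google: only tokens issued to our own client ID are accepted.
            "Effect": "Allow",
            "Principal": {"Federated": "accounts.google.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                "accounts.google.com:aud": "EXAMPLE-GOOGLE-CLIENT-ID"}},
        },
        {   # Facebook: no app_id condition, so tokens from any app match.
            "Effect": "Allow",
            "Principal": {"Federated": "graph.facebook.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
        },
    ],
})


def _as_list(value):
    """IAM accepts either a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]


def unpinned_providers(policy_json):
    """Return providers whose Allow statement lacks an audience condition."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        # Simplification: only an exact StringEquals match counts as pinned.
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        for provider in _as_list(federated):
            key = AUDIENCE_KEY.get(provider)
            if key and not pinned.get(key):
                findings.append(provider)
    return findings
```

Calling `unpinned_providers(SAMPLE_TRUST_POLICY)` flags the Facebook statement; adding a `graph.facebook.com:app_id` condition to it clears the finding.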