AWS Mobile Authentication and Access Credentials for AWS Resources | DVA-C01 Exam Answer

Authentication and Access Credentials for Mobile-Based Applications


Question

Your team is developing a mobile-based application.

The users who are going to use this application will first be authenticated using an external provider such as Facebook.

The application would then need to get temporary access credentials to work with AWS resources.

Which of the following actions would you ideally use for this purpose?

Answers

A. AssumeRoleWithWebIdentity
B. AssumeRoleWithSAML
C. GetCallerIdentity
D. GetSessionToken

Explanations

The AWS Security Token Service (STS) API action best suited to granting temporary access credentials to a mobile application whose users authenticate with an external provider such as Facebook is AssumeRoleWithWebIdentity. Therefore, the correct answer is A.

Here's an explanation of each of the options:

A. AssumeRoleWithWebIdentity: This STS API action allows a user to assume a role within an AWS account using web identity federation. Web identity federation enables users to access AWS resources after they authenticate with an identity provider such as Facebook, Google, or Amazon. Once the user is authenticated, the identity provider issues a security token that can be exchanged for temporary security credentials. These credentials can be used to access AWS resources such as Amazon S3 or Amazon DynamoDB.

B. AssumeRoleWithSAML: This STS API action allows a user to assume a role within an AWS account using Security Assertion Markup Language (SAML) 2.0. SAML is an XML-based standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. This action is typically used for enterprise applications where a user needs to authenticate using an enterprise identity provider.

C. GetCallerIdentity: This STS API action returns the AWS account ID of the caller making the request. It is used to determine the AWS account associated with an access key, an IAM role, or a federated user. It does not grant temporary access credentials.

D. GetSessionToken: This STS API action returns a set of temporary security credentials that can be used to access AWS resources. These credentials are typically used by AWS Identity and Access Management (IAM) users who require temporary access to perform specific tasks. The call requires a user's access key and secret access key to generate temporary security credentials.

Therefore, from the above explanations, AssumeRoleWithWebIdentity is the best choice for this scenario since it allows temporary access credentials to be granted to users who have been authenticated using an external identity provider such as Facebook.
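The following Python sketch is an added example, not part of the original answer. It shows the role trust policy that option A relies on, a check that the policy pins the provider's application ID so that tokens issued for other apps are rejected, and the unsigned request body the mobile app sends. The function names and the APP_ID_PLACEHOLDER value are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

# IAM condition keys that carry the app/audience ID for each web identity provider.
AUDIENCE_KEYS = {
    "graph.facebook.com": "graph.facebook.com:app_id",
    "www.amazon.com": "www.amazon.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}

def trust_policy(provider, app_id):
    """Role trust policy that only accepts tokens issued for one app."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {AUDIENCE_KEYS[provider]: app_id}},
        }],
    }

def audit(policy):
    """Flag web-identity statements with no app ID pin (StringEquals only)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        key = AUDIENCE_KEYS.get(provider) if isinstance(provider, str) else None
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if key is None:
            findings.append(f"statement {i}: provider {provider!r} not in this example's table")
        elif key not in pinned:
            findings.append(f"statement {i}: no {key} condition")
    return findings

def sts_request(role_arn, session_name, token, provider="graph.facebook.com"):
    """Form body for the call; it is unsigned, so the app ships no AWS keys."""
    return urlencode({
        "Action": "AssumeRoleWithWebIdentity", "Version": "2011-06-15",
        "RoleArn": role_arn, "RoleSessionName": session_name,
        "WebIdentityToken": token, "ProviderId": provider,
    })

if __name__ == "__main__":
    print(json.dumps(trust_policy("graph.facebook.com", "APP_ID_PLACEHOLDER"), indent=2))
```

ProviderId is sent only for OAuth 2.0 providers such as graph.facebook.com and www.amazon.com; it is omitted for OpenID Connect tokens.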