Secure Authentication for Web Application with Facebook and Google Integration | AWS Certified Security - Specialty

Implementing Secure Authentication with Facebook and Google for Your AWS Web Application

Question

Your company is planning to develop an application on AWS.

This is a web-based application.

The application users will use their Facebook or Google identities for authentication.

Which of the following is a step you include in your implementation for the web application?

Answers

Explanations

Answer: B.

Option A is incorrect because the security groups do not provide capabilities to provide authentication using third-party identity providers such as Google or Facebook.

Option B is CORRECT because you use an OIDC identity provider when you want to establish trust between an OIDC-compatible IdP (such as Google, Salesforce, and many others) and your AWS account.

This is useful if you create a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.
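The trust that Option B sets up, as an added example that is not part of the original page or the linked AWS documentation: build the trust policy for an IAM role that only ID tokens from the Google OIDC provider for one client ID may use with sts:AssumeRoleWithWebIdentity, then check decoded token claims against that policy. The account id and client id are placeholders, and the helper assumes the token signature was already verified by the JWT library before the claims reach it.

```python
import json

# Constructed placeholders: replace with your AWS account id and OAuth client id.
ACCOUNT_ID = "123456789012"
GOOGLE_ISSUER_HOST = "accounts.google.com"
GOOGLE_CLIENT_ID = "PLACEHOLDER-client-id.apps.googleusercontent.com"


def oidc_provider_arn(account_id: str, issuer_host: str) -> str:
    """ARN IAM assigns to an OIDC identity provider created in the account."""
    return f"arn:aws:iam::{account_id}:oidc-provider/{issuer_host}"


def web_identity_trust_policy(account_id: str, issuer_host: str, client_id: str) -> dict:
    """Role trust policy: only the named OIDC provider, and only tokens minted
    for our client id (the aud condition), may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": oidc_provider_arn(account_id, issuer_host)},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{issuer_host}:aud": client_id}},
        }],
    }


def token_satisfies_trust(claims: dict, policy: dict, now_epoch: int) -> bool:
    """Hypothetical check mirroring what STS enforces: issuer must match the
    provider, aud must match the policy condition, and the token must be unexpired.
    Signature verification is assumed to have happened before this step."""
    stmt = policy["Statement"][0]
    issuer_host = stmt["Principal"]["Federated"].rsplit("/", 1)[1]
    expected_aud = stmt["Condition"]["StringEquals"][f"{issuer_host}:aud"]
    # Google issues tokens with iss as either the bare host or the https URL.
    if claims.get("iss") not in (issuer_host, f"https://{issuer_host}"):
        return False
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        return False
    exp = claims.get("exp")
    return isinstance(exp, int) and exp > now_epoch


if __name__ == "__main__":
    print(json.dumps(web_identity_trust_policy(ACCOUNT_ID, GOOGLE_ISSUER_HOST, GOOGLE_CLIENT_ID), indent=2))
```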

Option C is incorrect because a SAML provider is used for federation with SAML-based identity providers, not for sign-in with Google or Facebook identities.

Option D is incorrect because the OIDC identity provider is created in AWS (in IAM), not in Google or Facebook.

For more information on OIDC identity providers, kindly refer to the following URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html

When developing a web application on AWS that allows users to authenticate using their Facebook or Google identities, there are several steps you can take to ensure the security of the application.

Option A is a good first step to take, as it ensures that the security groups in the VPC only allow requests from the Google and Facebook authentication servers. This helps to prevent unauthorized access to the application by blocking requests from unknown sources.

Option B involves creating an OpenID Connect (OIDC) identity provider in AWS. This would enable users to authenticate using their Facebook or Google identities, and would allow the application to access user information provided by these identity providers, such as name and email address.

Option C involves creating a Security Assertion Markup Language (SAML) provider in AWS. This would enable users to authenticate using their Facebook or Google identities, and would allow the application to access user information provided by these identity providers, such as name and email address.

Option D involves creating an OIDC provider in both Google and Facebook. This would enable users to authenticate using their Google or Facebook identities, but would not provide the application with any additional user information beyond what is already available through these identity providers.

In summary, the recommended step to include in your implementation for the web application would be to create an OIDC identity provider in AWS (Option B). However, it is also important to ensure that the security groups in the VPC only allow requests from the Google and Facebook authentication servers (Option A) to help prevent unauthorized access.