AWS Certified Cloud Practitioner (CLF-C02) — Question 395

A company uses a third-party identity provider (IdP). The company wants to provide its employees with access to AWS accounts and services without requiring another set of login credentials.

Which AWS service will meet this requirement?

Answer options

• A. AWS Directory Service
• B. Amazon Cognito
• C. AWS IAM Identity Center
• D. AWS Resource Access Manager (AWS RAM)

Correct answer: C

Explanation

AWS IAM Identity Center enables you to connect your external identity provider (IdP) to AWS, allowing users to sign in with their existing corporate credentials to access multiple AWS accounts and applications. AWS Directory Service is used to set up and run AWS Managed Microsoft AD, while Amazon Cognito is designed for customer-facing application authentication. AWS Resource Access Manager (AWS RAM) is used to share resources across AWS accounts and does not handle user identity federation.