AWS Certified Cloud Practitioner (CLF-C02) — Question 68

A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?

Answer options

• A. Amazon API Gateway
• B. IAM users
• C. AWS Security Token Service (AWS STS)
• D. IAM instance profiles

Correct answer: C

Explanation

The correct answer is AWS Security Token Service (AWS STS) because it provides temporary, limited-privilege credentials for AWS services. IAM users are permanent identities, and IAM instance profiles are used for EC2 instances, while Amazon API Gateway does not handle authentication for other AWS APIs directly.