AWS Certified Cloud Practitioner — Question 488

A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.

Which AWS service or feature should the company use to meet these authentication requirements?

Answer options

• A. Amazon API Gateway
• B. IAM users
• C. AWS Security Token Service (AWS STS)
• D. IAM instance profiles

Correct answer: C

Explanation

AWS Security Token Service (AWS STS) is the specific service designed to request and issue temporary, limited-privilege credentials for authenticating with AWS resources. In contrast, IAM users rely on long-term credentials, and Amazon API Gateway is used for creating and managing APIs rather than issuing credentials. While IAM instance profiles utilize STS to delegate permissions to EC2 instances, AWS STS is the fundamental service that generates the temporary tokens.