AWS Certified Cloud Practitioner — Question 541

A company is designing an identity access management solution for an application. The company wants users to be able to use their social media, email, or online shopping accounts to access the application.

Which AWS service provides this functionality?

Answer options

• A. AWS IAM Identity Center (AWS Single Sign-On)
• B. AWS Config
• C. Amazon Cognito
• D. AWS Identity and Access Management (IAM)

Correct answer: C

Explanation

Amazon Cognito is designed to add user sign-up, sign-in, and access control to web and mobile apps, supporting federation with social identity providers like Google, Facebook, and Amazon. AWS IAM and AWS IAM Identity Center are intended for managing access to AWS accounts and resources rather than consumer-facing application users. AWS Config is a service used to assess, audit, and evaluate AWS resource configurations and is not an identity management solution.