AWS Certified Developer – Associate (DVA-C02) — Question 446

A developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as supported social media accounts.

How can the developer provide this authentication functionality?

Answer options

• A. Use Amazon Cognito with web identity federation.
• B. Use Amazon Cognito with SAML-based identity federation.
• C. Use IAM access keys and secret keys in the application code to allow Get* on the S3 bucket.
• D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.

Correct answer: A

Explanation

Amazon Cognito with web identity federation is the ideal solution for authenticating mobile app users via public identity providers like Amazon, Google, or Facebook to access AWS resources. SAML-based federation is designed for enterprise identity providers rather than social logins, making Option B incorrect. Storing long-term IAM credentials in mobile app code (Option C) is a severe security risk, and using STS AssumeRole directly in the client app (Option D) lacks the user pool management and social provider integration that Cognito simplifies.