AWS Certified Developer – Associate — Question 19
A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Choose two.)
Answer options
- A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.
- B. Use S3 bucket policies to restrict read access to specific IAM users.
- C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.
- D. Create a new IAM user for each user and grant read access.
- E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.
Correct answer: C, E
Explanation
The correct answers are C and E. Amazon Cognito manages access for authenticated and unauthenticated users through separate roles, which maps directly onto the registered and guest user types. Using AWS IAM with the AWS STS AssumeRole action lets the application assume a role based on user type and read from Amazon S3 with that role, so there is no need to manage numerous IAM users. Options A, B, and D are less efficient and less scalable: A places access keys and secret access keys in the application code, while B and D depend on individual IAM users, which is hard to manage for 25,000 users and growing.