AWS Certified Developer – Associate — Question 27
A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript.
How would the developer securely call the API without exposing the access or secret keys?
Answer options
- A. Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.
- B. Run the web application in an Amazon EC2 instance with the instance profile configured.
- C. Hardcode the credentials, use Amazon S3 to host the web application, and enable server-side encryption.
- D. Use Amazon Cognito user pool JSON Web Tokens (JWTs) to access the DynamoDB APIs.
Correct answer: A
Explanation
The correct answer is A. A Cognito identity pool lets the application exchange the user pool JSON Web Token (JWT) for temporary credentials, so no access or secret keys are exposed in the front-end code. Option B is less secure: it relies on an EC2 instance profile and provides none of the token management the application needs. Option C is fundamentally insecure because hardcoding credentials is not a best practice. Option D fails because user pool JWTs on their own are not a secure method of obtaining the temporary credentials needed to access DynamoDB.