AWS Certified Developer – Associate — Question 330
A developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as supported social media accounts.
How can the developer provide this authentication functionality?
Answer options
- A. Use Amazon Cognito with web identity federation.
- B. Use Amazon Cognito with SAML-based identity federation.
- C. Use IAM access keys and secret keys in the application code to allow Get* on the S3 bucket.
- D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.
Correct answer: A
Explanation
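Amazon Cognito with web identity federation is the recommended approach for authenticating mobile app users via public identity providers like Amazon and social media networks. SAML-based federation is intended for enterprise identity providers rather than consumer social logins. Hardcoding IAM access keys and secret keys in the application code exposes long-term credentials to anyone who can unpack the app. Calling STS AssumeRole directly from client-side mobile code has the same problem, because the AssumeRole request must itself be signed with existing AWS credentials, which would have to ship inside the app. Both options pose severe security risks and are not a best practice.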