AWS Certified Developer – Associate — Question 357
A company is developing a social leaderboard application in the AWS Cloud. The company will host the application on Amazon S3. The application will retrieve data from an Amazon DynamoDB table for anyone who visits the application without a login. A developer must ensure that all the interactions with AWS services are secure and that all the interactions use proper permissions.
Which AWS feature can the developer use to meet these requirements?
Answer options
- A. Amazon Cognito identity pool
- B. Amazon Cognito user pool
- C. IAM identity-based policy
- D. Amazon Cognito authorizer in Amazon API Gateway
Correct answer: A
Explanation
Amazon Cognito identity pools support unauthenticated (guest) access, allowing the application to obtain temporary, low-privilege AWS credentials to securely read data from Amazon DynamoDB. Amazon Cognito user pools are used for user sign-up and sign-in, which does not address the requirement for guest users who have not logged in. An Amazon Cognito authorizer in Amazon API Gateway and standalone IAM policies do not natively provide a mechanism to securely dispense temporary credentials to unauthenticated web clients.