AWS Certified Security – Specialty — Question 4
A company plans to move most of its IT infrastructure to AWS. They want to leverage their existing on-premises Active Directory as an identity provider for AWS.
Which combination of steps should a Security Engineer take to federate the company's on-premises Active Directory with AWS? (Choose two.)
Answer options
- A. Create IAM roles with permissions corresponding to each Active Directory group.
- B. Create IAM groups with permissions corresponding to each Active Directory group.
- C. Configure Amazon Cloud Directory to support a SAML provider.
- D. Configure Active Directory to add relying party trust between Active Directory and AWS.
- E. Configure Amazon Cognito to add relying party trust between Active Directory and AWS.
Correct answer: A, D
Explanation
The correct answer is A and D. Federated users sign in to AWS by assuming IAM roles, so creating an IAM role with permissions corresponding to each Active Directory group lets access be granted according to the user's group membership. A relying party trust configured in Active Directory (through Active Directory Federation Services, AD FS) allows the on-premises directory to issue SAML assertions to AWS, which is what establishes the federation. Option B is incorrect because IAM groups apply only to IAM users, not to federated identities. Options C and E are incorrect because Amazon Cloud Directory and Amazon Cognito are not the components used to establish a relying party trust between an on-premises Active Directory and AWS.