AWS Certified Solutions Architect – Associate (SAA-C02) — Question 728
A company has a web application that runs on Amazon EC2 instances. The company wants end users to authenticate themselves before they use the web application. The web application accesses AWS resources, such as Amazon S3 buckets, on behalf of users who are logged on.
Which combination of actions must a solutions architect take to meet these requirements? (Choose two.)
Answer options
- A. Configure AWS App Mesh to log on users.
- B. Enable and configure AWS Single Sign-On in AWS Identity and Access Management (IAM).
- C. Define a default IAM role for authenticated users.
- D. Use AWS Identity and Access Management (IAM) for user authentication.
- E. Use Amazon Cognito for user authentication.
Correct answer: C, E
Explanation
Amazon Cognito provides user pools for end-user authentication and identity pools to authorize access to AWS services. By defining a default IAM role for authenticated users within Amazon Cognito, the web application can obtain temporary AWS credentials to access resources like Amazon S3 on behalf of the users. Other options like AWS App Mesh or IAM are not designed for direct end-user authentication for custom web applications.