AWS Certified Solutions Architect – Professional — Question 264
A solutions architect is implementing federated access to AWS for users of the company's mobile application. Due to regulatory and security requirements, the application must use a custom-built solution for authenticating users and must use IAM roles for authorization.
Which of the following actions would enable authentication and authorization and satisfy the requirements? (Choose two.)
Answer options
- A. Use a custom-built SAML-compatible solution for authentication and AWS SSO for authorization.
- B. Create a custom-built LDAP connector using Amazon API Gateway and AWS Lambda for authentication. Store authorization tokens in Amazon DynamoDB, and validate authorization requests using another Lambda function that reads the credentials from DynamoDB.
- C. Use a custom-built OpenID Connect-compatible solution with AWS SSO for authentication and authorization.
- D. Use a custom-built SAML-compatible solution that uses LDAP for authentication and uses a SAML assertion to perform authorization to the IAM identity provider.
- E. Use a custom-built OpenID Connect-compatible solution for authentication and use Amazon Cognito for authorization.
Correct answer: A, C
Explanation
Options A and C are correct because both pair a custom-built solution with AWS SSO in a way that meets the stated requirements for authentication and authorization. Options B, D, and E either do not fully satisfy the requirement to use IAM roles for authorization or involve components that do not align with the specified needs.