AWS Certified Solutions Architect – Professional — Question 457
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture.
Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game, the progress data will be stored to the Game State S3 bucket.
What is the best approach for storing data to DynamoDB and S3?
Answer options
- A. Use an EC2 instance, launched with an EC2 role providing access to the Score Data DynamoDB table and the Game State S3 bucket, that communicates with the mobile app via web services.
- B. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
- C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
- D. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.
Correct answer: B
Explanation
Web identity federation is the AWS best practice for mobile applications because it allows users to authenticate via public identity providers and exchange their login tokens for temporary, limited-privilege AWS credentials. Embedding long-term IAM credentials directly in the app (Option D) is a severe security risk, and using an EC2 proxy (Option A) adds unnecessary infrastructure complexity and latency. Option C is incorrect because it restricts authentication solely to Amazon accounts, failing to support other social media providers.