Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 197 discussion

A company is refactoring applications to use AWS. The company identifies an internal web application that needs to make Amazon S3 API calls in a specific AWS account.

The company wants to use its existing identity provider (IdP) auth.company.com for authentication. The IdP supports only OpenID Connect (OIDC). A DevOps engineer needs to secure the web application's access to the AWS account.

Which combination of steps will meet these requirements? (Choose three.)

  • A. Configure AWS IAM Identity Center (AWS Single Sign-On). Configure an IdP. Upload the IdP metadata from the existing IdP.
  • B. Create an IAM IdP by using the provider URL, audience, and signature from the existing IdP.
  • C. Create an IAM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the sts.amazon.com:aud context key is appid_from_idp.
  • D. Create an IAM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the auth.company.com:aud context key is appid_from_idp.
  • E. Configure the web application to use the AssumeRoleWithWebIdentity API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls.
  • F. Configure the web application to use the GetFederationToken API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls.
Suggested Answer: BDE 🗳️
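The three steps in the suggested answer (an IAM OIDC provider, a role whose trust policy conditions on the IdP's aud claim, and AssumeRoleWithWebIdentity) fit together as follows. This is an added worked example, not code from the question or from AWS documentation: it builds the option D trust policy, decodes a constructed, unsigned token, and runs a simplified model of IAM's condition evaluation to show why the condition key must be named after the IdP host (`auth.company.com:aud`) rather than `sts.amazon.com:aud`. The account ID, role ARN and token claims are placeholders invented for the example; real tokens are signed by the IdP and STS verifies that signature, which this offline model skips.

```python
import base64
import json

# Constructed values for this example; the account ID and role name are placeholders,
# not values from the question.
IDP_HOST = "auth.company.com"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{IDP_HOST}"
ROLE_ARN = "arn:aws:iam::123456789012:role/WebAppS3Role"
CLIENT_ID = "appid_from_idp"  # the audience the IdP puts in tokens issued to this app


def build_trust_policy(provider_arn: str, condition_key: str, client_id: str) -> dict:
    """Trust policy letting tokens from the IAM OIDC provider assume the role, but only
    when the token's aud claim equals the app's client ID (option D: "<idp-host>:aud")."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {condition_key: client_id}},
        }],
    }


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, *unsigned* JWT so the example runs offline. A real IdP signs its
    tokens and STS checks the signature against the IdP's published keys (JWKS)."""
    header = {"alg": "none", "typ": "JWT"}
    return f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}."


def jwt_claims(token: str) -> dict:
    """Decode only the payload segment; signature verification is STS's job."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def request_context(provider_arn: str, claims: dict) -> dict:
    """Simplified model of the condition keys IAM derives from a web-identity token:
    "<provider-host>:aud" and "<provider-host>:sub", present only when the token's
    issuer is the provider the role trusts."""
    provider_host = provider_arn.rsplit("/", 1)[1]
    issuer_host = claims.get("iss", "").removeprefix("https://").rstrip("/")
    if issuer_host != provider_host:
        return {}
    ctx = {}
    if "aud" in claims:
        aud = claims["aud"]
        ctx[f"{provider_host}:aud"] = aud if isinstance(aud, list) else [aud]
    if "sub" in claims:
        ctx[f"{provider_host}:sub"] = [claims["sub"]]
    return ctx


def trust_policy_allows(policy: dict, provider_arn: str, token: str) -> bool:
    """Simplified IAM evaluation: an Allow statement for the Federated principal whose
    every StringEquals key is present in the request context with the expected value.
    A condition key absent from the context (e.g. "sts.amazon.com:aud" when the token
    came from auth.company.com) makes StringEquals false, so the role is never assumed."""
    ctx = request_context(provider_arn, jwt_claims(token))
    if not ctx:
        return False
    for stmt in policy["Statement"]:
        if (stmt["Effect"] != "Allow"
                or stmt["Action"] != "sts:AssumeRoleWithWebIdentity"
                or stmt["Principal"].get("Federated") != provider_arn):
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        if all(key in ctx and expected in ctx[key] for key, expected in conditions.items()):
            return True
    return False


def assume_role_params(role_arn: str, token: str, session_name: str) -> dict:
    """Parameters the web app passes to STS for option E, i.e.
    boto3.client("sts").assume_role_with_web_identity(**params); the returned
    Credentials (AccessKeyId, SecretAccessKey, SessionToken) are then used for S3."""
    return {"RoleArn": role_arn, "RoleSessionName": session_name,
            "WebIdentityToken": token, "DurationSeconds": 3600}


if __name__ == "__main__":
    policy_d = build_trust_policy(PROVIDER_ARN, f"{IDP_HOST}:aud", CLIENT_ID)
    good = make_unsigned_jwt({"iss": f"https://{IDP_HOST}", "sub": "user42", "aud": CLIENT_ID})
    other = make_unsigned_jwt({"iss": f"https://{IDP_HOST}", "sub": "user42", "aud": "other-app"})
    print(json.dumps(policy_d, indent=2))
    print("our IdP, our app:", trust_policy_allows(policy_d, PROVIDER_ARN, good))     # True
    print("our IdP, other app:", trust_policy_allows(policy_d, PROVIDER_ARN, other))  # False
```

The aud condition is what stops a token the same IdP minted for a different application from assuming this role; the issuer check is implicit in the Federated principal. The real STS call additionally rejects expired tokens and bad signatures, which the offline model does not reproduce.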

Comments

vortegon
Highly Voted 1 year, 2 months ago
Selected Answer: BDE
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
upvoted 5 times
sn61613
Most Recent 4 months, 1 week ago
Selected Answer: BCE
BCE https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
upvoted 1 times
Gomer
10 months ago
Selected Answer: BDE
"Use OpenID Connect (OIDC) federated identity providers instead of creating IAM users." "With an IdP you can manage user identities outside of AWS and give these external user identities permissions to access AWS resources in your account."
B: (YES) "IAM OIDC identity providers": "This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities."
D: (YES) "For OIDC providers, use the fully qualified URL of the OIDC IdP with the aud context key", e.g.: "Condition": {"StringEquals": {"server.example.com:aud": "appid_from_oidc_idp"}}
E: (YES) "AssumeRoleWithWebIdentity": "Federation through a web-based IdP returns a set of temporary security credentials for federated users authenticated with a public identity provider." "This operation is useful for client-based web applications that require access to AWS."
upvoted 2 times
seetpt
1 year ago
Selected Answer: BDE
BDE for me
upvoted 1 times
dkp
1 year ago
Selected Answer: ADE
DE is correct; not sure between A & B.
A. Configure AWS IAM Identity Center (AWS Single Sign-On). Configure an IdP. Upload the IdP metadata from the existing IdP. Pros: Integrates with AWS SSO and allows for IdP metadata upload. Cons: AWS SSO is generally used for managing multiple AWS accounts and SSO for multiple AWS services; might be overkill for a single account and application.
B. Create an IAM IdP by using the provider URL, audience, and signature from the existing IdP. Pros: Creates a custom IAM IdP using the existing IdP's details. Cons: Manual configuration of the IAM IdP might be error-prone and not the best practice for OIDC integration.
upvoted 1 times
thanhnv142
1 year, 2 months ago
Selected Answer: BDE
BDE. A: we need to create an IdP; we don't need AWS Single Sign-On. B: correct. C: we need to authenticate, and sts.amazon.com:aud is not for authentication. D: auth.company.com:aud is for authentication. E: AssumeRoleWithWebIdentity is used for authentication. F: this is not used for authentication.
upvoted 4 times
Ramdi1
1 year, 2 months ago
Selected Answer: CDE
C & D: Creating an IAM role with specific S3 permissions and configuring the trust policy based on the appropriate audience (sts.amazon.com:aud or auth.company.com:aud) allows secure role assumption by the OIDC IdP on behalf of authenticated users. E: Using AssumeRoleWithWebIdentity fetches temporary credentials with restricted privileges, enhancing security compared to long-lived credentials.
upvoted 1 times
Ramdi1
1 year, 2 months ago
Options A, B, and F are not suitable for this scenario: A: AWS SSO is currently not available for public AWS accounts and wouldn't address the specific OIDC integration requirement. B: While creating an IAM IdP is possible, it's generally less secure than leveraging the existing, trusted IdP with OIDC support. F: GetFederationToken is often used with SAML-based federation and wouldn't work directly with OIDC.
upvoted 1 times
Chelseajcole
1 year, 2 months ago
BDE is my answer
upvoted 3 times
Arnaud92
1 year, 2 months ago
Selected Answer: ADE
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other