Exam AWS Certified Security - Specialty topic 1 question 46 discussion

A is correct B is not correct (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html): For most scenarios, we recommend that you use Amazon Cognito because it acts as an identity broker and does much of the federation work for you. For details, see the following section, Using Amazon Cognito for Mobile Apps. If you don't use Amazon Cognito, then you must write code that interacts with a web IdP, such as Facebook, and then calls the AssumeRoleWithWebIdentity API to trade the authentication token you get from those IdPs for AWS temporary security credentials. If you have already used this approach for existing apps, you can continue to use it.

After many articles I believe the Answer should be A. The B answer is also competent. But the question states that the users should Save their Progress - you need cognito for this (https://aws.amazon.com/blogs/mobile/using-amazon-cognito-to-sync-data-in-unity-games/) The question also states that MOST of people are part of a social media website - not ALL. So with all that in mind, I will go with the answer A - AWS Cognito and with a honest FU to whomever designed this question

Amazon Cognito is an authentication and authorization solution that offers several benefits to developers. It allows developers to quickly and easily set up user authentication and authorization with minimal effort. A

The SIMPLEST is definitely Cognito.

A is correct

I WISH I CAN GET MANY SUCH SIMPLE QUESTION IN MY EXAM

A is my answer.!

This is questions of WebIdentity v/s Cognito . The difference is Cognito benefits: • Support for anonymous users • Support for MFA • Data synchronization Frankly , this is a stupid question as both provide same solution A and B, but Cognito is preferred . Hence A .

A is the answer - " Simplest way" ( It's tricky) is setup Cognito.

I'll go with A

Ans: A 100%

User authentication is what we want to achieve here. Option B is to authorize already-authenticated users with proper roles, so the users can utilize some AWS services.

Guys, it mentions "mobile" games. What's cognito for again? Answer is A.

Answer: A https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-provider.html <snip> We recommend using Amazon Cognito for all mobile apps that call AWS services. If you have an existing app that uses web identity federation it will continue to work, but you might want to consider modifying it to use Amazon Cognito to take advantage of the additional benefits. </snip>

Ans > A AssumeRoleWithWebIdentity returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider. So the AssumeRoleWithWebIdentity API call is 'authorization' and not 'authentication' as is the requirement in the question. For authentication, Cognito is the only option mentioned in the question.

Ans (B) https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html

Ans : A it's Congnito :Simple way to setup & use for mobile application authentication for Identity provider like openID. if you want to use AssumeRoleWithWebIdentity , you will need Identity broker . it's long route to reach solution