A mobile application requires users to sign in using their social media accounts (Google, Facebook). Once authenticated, the application needs to access an Amazon S3 bucket to upload user-specific photos. Which AWS service combination is MOST appropriate?

Answer options:

AWS IAM users for authentication and IAM roles for S3 access.

Amazon Cognito User Pools for authentication and Identity Pools for AWS credentials.

AWS SSO for authentication and S3 bucket policies for access.

Amazon API Gateway with Lambda authorizers.

How to approach this question

Look for 'social media sign-in' and 'access AWS resources'. This is the classic use case for Cognito User Pools + Identity Pools.

Full Answer

B.Amazon Cognito User Pools for authentication and Identity Pools for AWS credentials.✓ Correct

Amazon Cognito User Pools for authentication and Identity Pools for AWS credentials.

Amazon Cognito User Pools provide a user directory and social identity federation. Cognito Identity Pools take the authentication tokens and provide temporary, scoped AWS credentials to access services like S3.

Common mistakes

Confusing User Pools (authentication) with Identity Pools (authorization/AWS credentials).

Question 07 All questions Question 09

Practice the full AWS SAA-C03 Practice Exam 3

65 questions · hints · full answers · grading

More questions from this exam

Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...Easy Q02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Medium Q03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...Easy Q04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...Medium Q05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium

View all 65 questions →