A company has 25,000 employees and is growing. The company is creating an application that will be accessible to its employees only. A developer is using Amazon S3 to store images and Amazon RDS to store application data. The company requires that all employee information remain in the legacy Security Assertion Markup Language (SAML) employee directory only and is not interested in mirroring any employee information on AWS. How can the developer provide authorized access for the employees who will be using this application so each employee can access their own application data only?
A) Use Amazon VPC and keep all resources inside the VPC, and use a VPC link for the S3 bucket with the bucket policy.
B) Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy.
C) Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the cognito-identity.amazonaws.com:sub variable to grant access to the employees.
D) Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only.
Correct Answer:
Verified