A Developer is creating a web application that will be used by employees working from home. The company uses a SAML directory on-premises for storing user information. The Developer must integrate with the SAML directory and authorize each employee to access only their own data when using the application.

A. Create the application within an Amazon VPC and use a VPC endpoint with a trust policy to grant access to the employees.

B. Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with

C. Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only.

D. Use an Amazon Cognito identity pool, federate with the SAML provider, and use a trust policy with an IAM condition key to limit employee access.

1 Answer

Correct answer is: D. Use an Amazon Cognito identity pool, federate with the SAML provider, and use a trust policy with an IAM condition key to limit employee access.

Explanation:

Amazon Cognito leverages IAM roles to generate temporary credentials for your application’s users. Access to permissions is controlled by a role’s trust relationships.
...
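As an added illustration (not part of the original answer), a simplified Python model of the two policies option D relies on: the identity-pool role's trust policy, and a permission policy whose `${cognito-identity.amazonaws.com:sub}` variable confines each federated employee to DynamoDB items keyed by their own identity id. The pool id, account id and table name are placeholders, and the evaluator only models the conditions shown, not full IAM evaluation.

```python
"""Constructed illustration of option D: identity-pool role policies scoped by the caller's id."""
import json

# Constructed placeholder; real identity pool ids look like "<region>:<uuid>".
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

# Trust policy: only authenticated identities of this pool may assume the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": IDENTITY_POOL_ID},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

# Permission policy: ${cognito-identity.amazonaws.com:sub} is replaced at request
# time by the caller's identity id, so LeadingKeys only matches their own items.
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
        "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/EmployeeData",  # placeholder
        "Condition": {"ForAllValues:StringEquals": {
            "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]}},
    }],
}

def trusted(identity_pool_id, amr):
    """Can a token with this aud and these amr values assume the role?"""
    cond = TRUST_POLICY["Statement"][0]["Condition"]
    aud_ok = cond["StringEquals"]["cognito-identity.amazonaws.com:aud"] == identity_pool_id
    amr_ok = cond["ForAnyValue:StringLike"]["cognito-identity.amazonaws.com:amr"] in amr
    return aud_ok and amr_ok

def allowed(identity_id, action, leading_keys):
    """Is one DynamoDB call on the given partition keys permitted for this identity?"""
    stmt = PERMISSION_POLICY["Statement"][0]
    if action not in stmt["Action"]:
        return False
    rendered = json.loads(json.dumps(stmt["Condition"]).replace(
        "${cognito-identity.amazonaws.com:sub}", identity_id))
    permitted = set(rendered["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"])
    # ForAllValues is also true for an empty key set (real IAM behaves the same), so the
    # table's partition key must be the identity id so that every call carries one.
    return all(k in permitted for k in leading_keys)
```

Because the scoping lives in the role policy rather than in application code, a bug in the web application cannot widen one employee's access to another employee's rows.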