Question

You are using Amazon Cognito identity pools to assign authenticated SAML users temporary access for downloading data fromAmazon S3 buckets.

For this, you have created multiple rules for each role that gets assigned to users.

Which of the following criteria is matched for evaluating these rules?

A. Rules are evaluated in sequential order & rule with lower value is preferred.

B. Rules are evaluated in sequential order & IAM role for first matching rule is used ,unless a standard attribute is specified to override the order.

C. Rules are evaluated in sequential order & rule with higher value is preferred.

D. Rules are evaluated in sequential order & IAM role for first matching rule is used ,unless a ‘CustomRoleArn” is specified to override the order.

Answer 1

Correct Answer - D.

When multiple rules are assigned, rules are evaluated in a sequential order & the IAM role for the first matching rule is used unless a‘CustomRoleArn”attribute is added to modify this sequence.

Option B is incorrect as a standard attribute does not alter rule evaluation.

Option A & C are incorrect as for each rule there is no preference value.