18 thoughts on “AWS IAM Role – Certification”

  1. Hi Jayendrapatil

    For Q#14, I am confused about whether the answer is A or B, because the question clearly states that users will log in using their social media credentials, and the question asks for the best approach to store the data.
    So I believe A is the right answer. Please clarify?

    1. The important point is that the user needs to be authenticated through an external service and the role needs to be able to do things.
      You need to use Web Identity Federation to allow users to be authenticated and then to generate Temporary Security Credentials, which can then assume a role to be able to perform the actions on S3 and DynamoDB.
      For #A, there is no authentication mechanism and the EC2 has the access, which is more static, so if a user gets unauthorized in the mobile app he would be able to perform these actions.

  2. You are designing a photo sharing mobile app. The application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?

    Shouldn’t the user info be stored in DynamoDB?

    1. DynamoDB would be ideal here. The only reason the option is not selected is because it does not mention the creation of the Role and the step to assume the role, which would be needed in case you want the mobile application to interact with AWS services.

    1. Hi Pradeep, it should be B and C. Corrected the answers.
      A couple of things to look out for: the authentication should always be with LDAP and not IAM or STS.
      Also, the application or identity broker should use either an AssumeRole functionality or a federated token approach.

      1. Hi Jayendra,

        >>Also, the application or identity broker should either use a AssumeRole functionality or federated token approach.

        What do you mean by the “federated token approach” here? I’m trying to understand the concept. Could you please provide any links that explain federated tokens?

        Cheers,
        Satish

  3. Hi, there are people discussing questions 13 and 14 but I can’t see these questions. There are only 10 questions on this page (AWS IAM Role – Certification April 2, 2016 ~ jayendrapatil), please let me know what part I am missing here. Thanks.

    In addition, how can I just get the topics and questions for AWS Certified Solutions Architect – Associate only? I have ordered the official study guide, please let me know if this is sufficient. Thanks.

    1. Hi Jo, yup, I have moved the Identity Federation to a separate post, so that’s why the question numbers do not match. You might have to match the questions.
      Not sure about the official study guide. But the blog should cover all of it, I think, and much more.
      For Associate, I would rather suggest going for the acloud guru, it covers the topics well; reading FAQs and a few good reinvent videos + the blog should be good enough.

      1. Thanks Jayendra for the quick reply.

        So it means that all of these sample questions and topics are a combination of many AWS certificates preparation (Associate and Professional) and I cannot use this as a reference for a single exam, as it can be too much detail for me. Please explain.

        Thanks again.

  4. Question No 7: looks like Option A is the correct answer, instead of Option C? The reason being that the meaning of “creating reference role” may not be a correct possible way? With option A, it makes more sense as it states “and associate the Role to the application instances”. Any comment?
