12 thoughts on “AWS IAM Role – Certification”

  1. Hi Jayendrapatil

    For Q#14, I am confused about whether the answer is A or B, because the question clearly states that users will log in using their social media credentials, and the question asks for the best approach to store the data.
    So I believe A is the right answer. Please clarify?

    1. The important point is that the user needs to be authenticated through an external service, and the role is then able to do things.
      You need to use Web Identity Federation to allow users to be authenticated and then to generate Temporary Security Credentials, which can then assume a role to be able to perform the actions on S3 and DynamoDB.
      For #A, there is no authentication mechanism and the EC2 instance has the access, which is more static, so if a user becomes unauthorized in the mobile app he would still be able to perform these actions.

  2. You are designing a photo sharing mobile app. The application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?

    Shouldn’t the user info be stored in DynamoDB?

    1. DynamoDB would be ideal here. The only reason the option is not selected is because it does not mention the creation of the Role and the step to assume the role, which would be needed in case you want the mobile application to interact with AWS services.

    1. Hi Pradeep, it should be B and C. Corrected the Answers.
      A couple of things to look out for: the authentication should always be with LDAP and not IAM or STS.
      Also, the application or identity broker should either use an AssumeRole functionality or a federated token approach.

      1. Hi Jayendra,

        >>Also, the application or identity broker should either use an AssumeRole functionality or a federated token approach.

        What do you mean by the “federated token approach” here? I’m trying to understand the concept. Could you please provide any links that explain federated tokens?

        Cheers,
        Satish
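
Added example (not the blog's or AWS's own code) of the flow discussed in this thread: the server exchanges the social provider's token with STS for temporary credentials that assume the role, and an inline session policy scopes those credentials to the user's own prefix in the shared bucket. The bucket name, role ARN and the injected `sts` client are assumptions; the client is passed in so the exchange can be exercised offline, and boto3 is imported only when a real S3 client is built.

```python
import json
import re

# Constructed placeholder values; substitute the real bucket and role ARN.
BUCKET = "example-photo-bucket"
ROLE_ARN = "arn:aws:iam::123456789012:role/PhotoAppWebIdentityRole"


def scoped_session_policy(bucket: str, user_id: str) -> dict:
    """Inline session policy sent with the STS call. Effective permissions are
    the intersection of the role's policy and this one, so even a role that
    allows the whole bucket yields credentials limited to <user_id>/."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:PutObject", "s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{user_id}/*"},
            {"Effect": "Allow",
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringLike": {"s3:prefix": [f"{user_id}/*"]}}},
        ],
    }


def temporary_credentials(sts, id_token: str, user_id: str,
                          role_arn: str = ROLE_ARN, bucket: str = BUCKET) -> dict:
    """Exchange the provider's identity token for short-lived AWS credentials.
    `sts` is a boto3 STS client (injected so a fake can stand in for tests).
    `user_id` must come from the verified token (e.g. its subject claim), never
    from a client-supplied field, or the prefix scoping is meaningless.
    The role's trust policy must already allow sts:AssumeRoleWithWebIdentity
    from this provider; otherwise STS rejects the call."""
    safe_id = re.sub(r"[^\w+=,.@-]", "-", user_id)  # allowed session-name chars
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName=f"photo-app-{safe_id}"[:64],  # 2..64 chars
        WebIdentityToken=id_token,
        Policy=json.dumps(scoped_session_policy(bucket, user_id)),
        DurationSeconds=900,  # shortest allowed lifetime; re-request, never store
    )
    return resp["Credentials"]


def s3_client_for(creds: dict):
    """Build an S3 client from the temporary credentials; no long-lived IAM
    keys are ever handed to the mobile device."""
    import boto3  # only needed when talking to real AWS
    return boto3.client("s3",
                        aws_access_key_id=creds["AccessKeyId"],
                        aws_secret_access_key=creds["SecretAccessKey"],
                        aws_session_token=creds["SessionToken"])
```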
