
You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You
want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application
without needing to worry about scaling expensive upload processes, authentication/authorization, and so forth?

A.
Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts.
Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.

B.
Use JWT or SAML compliant systems to build authorization policies.
Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo
infrastructure.

C.
Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side.
Construct a custom build of the SDK and include S3 access in it.

D.
Create an AWS OAuth Service Domain and grant public signup and access to the domain.
During setup, add at least one major social media site as a trusted Identity Provider for users.

Explanation:
The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports
the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon
Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user
and later sign in using one of the supported identity providers.
https://blogs.aws.amazon.com/security/post/Tx3SYCORF5EKRC0/How-Does-Amazon-Cognito-Relate-to-ExistingWeb-Identity-Federatio
