A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in
using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to
temporary access should you use for the Amazon S3 operations?
SAML-based Identity Federation
AWS Identity and Access Management roles
Web Identity Federation
Web identity federation – You can let users sign in using a well-known third-party identity provider such as Login
with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0 compatible provider. AWS STS web
identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OIDC)-compatible
identity provider.