AWS DevOps Engineer Professional Practice Test

Which AWS service allows social network provider authentication for users uploading photos to S3?

• A. AWS Identity and Access Management (IAM)
• B. AWS Cognito using Web Identity Federation
• C. AWS Directory Service
• D. AWS Secrets Manager

The correct answer is: AWS Cognito using Web Identity Federation

AWS Cognito using Web Identity Federation is the correct choice for enabling social network provider authentication for users uploading photos to Amazon S3. This service allows you to authenticate users via social identity providers such as Facebook, Google, and Amazon itself. With AWS Cognito, developers can leverage web identity federation to provide users with secure access to AWS resources without requiring them to create a separate set of credentials. When users authenticate through a social identity provider, they receive a token that can be exchanged to obtain AWS credentials for accessing resources like S3. This streamlines the user experience and simplifies authentication management, making it an effective solution for scenarios where users are uploading photos or other content directly to S3. Other services listed do not provide the same capabilities for social network provider authentication. AWS Identity and Access Management (IAM) is primarily designed for managing access to AWS resources for IAM users and roles but does not natively support social authentication. AWS Directory Service focuses on providing directory services for Microsoft Active Directory on AWS and is not tailored for managing user authentication via social networks. AWS Secrets Manager is used for managing sensitive information such as passwords or API keys, but it does not have features for user authentication or managing user access to AWS services like S3.