Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DVA-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 29
Topic #: 6
[All DVA-C02 Questions]

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

Show Suggested Answer Hide Answer
Suggested Answer: A

Amazon Cognito User Pools:A managed user directory service, simplifying user registration and login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google, Facebook), reducing development effort.

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials independently.


Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html

by Yvette at Jun 23, 2024, 10:01 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Wayne
1 hours ago
Hmm, I'm not sure I'd trust any option that involves storing credentials in environment variables (Option D). That feels like a security vulnerability waiting to happen. Option C is the way to go for sure.
upvoted 0 times
...
Lamar
24 days ago
I'm not a fan of hardcoding credentials in the application code (Option A). That's a big security risk. Option B and D seem better, but I think Option C is the most secure and recommended approach.
upvoted 0 times
Freeman
4 hours ago
User 2
upvoted 0 times
...
Cathrine
3 days ago
User 1
upvoted 0 times
...
...
Ailene
29 days ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
Cassi
6 days ago
C) Create a Lambda function execution role Attach a policy to the role that grants access to specific objects in the S3 bucket.
upvoted 0 times
...
Haydee
14 days ago
B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
upvoted 0 times
...
...
Celestina
29 days ago
I'm not sure, but I think hardcoding credentials in the application code is not secure at all.
upvoted 0 times
...
Eva
1 months ago
I agree with Felice. Storing the secret access key and access key ID in Secrets Manager adds an extra layer of security.
upvoted 0 times
...
Felice
1 months ago
I think the most secure way is to use temporary credentials stored in AWS Secrets Manager.
upvoted 0 times
...

Save Cancel