Q40 — AWS SAA-C03 Ch.5


Q340. A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket. Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content. Which solution meets these requirements?

Correct Answer: A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content.

Explanation

The issue here is that users are unable to access the protected content due to insufficient permissions. When Amazon Cognito authenticates a user and returns a JWT, it can be configured to assume an IAM role that grants access to protected resources.

Therefore, to resolve this issue, a solutions architect should update the Amazon Cognito identity pool configuration to assume the proper IAM role for access to the protected content. This will grant authenticated users the necessary permissions to access the protected resources stored in the S3 bucket.

Option B is incorrect because updating the S3 ACL will only affect the permissions of the S3 bucket itself, not the authentication and authorization process managed by Amazon Cognito.

Option C is also incorrect because redeploying the application to S3 will not change the permissions granted to authenticated users. Additionally, eventually consistent reads should not affect the ability of users to access the protected content if they have the proper permissions.

Option D is incorrect because custom attribute mappings within the identity pool do not directly affect permissions to access protected content. Instead, these mappings enable Amazon Cognito to populate user attributes in the JWT, providing additional information about the user to downstream services.