Topic 1 Question 280
A company runs a custom online gaming application. The company uses Amazon Cognito for user authentication and authorization.
A security engineer wants to use AWS to implement fine-grained authorization on resources in the custom application. The security engineer must implement a solution that uses the user attributes that exist in Cognito. The company has already set up a user pool and an identity pool in Cognito.
Which solution will meet these requirements?
A. Create a set of IAM roles and IAM policies. Configure the Cognito identity pool to assign users to the IAM roles.
B. Create a policy store in Amazon Verified Permissions. Configure Cognito as the identity source. Map Cognito access tokens to the Verified Permissions schema.
C. Create customer managed permissions by using AWS Resource Access Manager (AWS RAM). Configure the Cognito identity pool to assign users to the customer managed permissions.
D. Create a set of IAM users and IAM policies. Configure the Cognito user pool to assign users to the IAM users.
User votes
Comments (4)
- Selected answer: B
Explanation: Fine-grained authorization requires making access decisions based on user attributes, which go beyond standard IAM role-based access control. Amazon Verified Permissions provides policy-based access control (PBAC), allowing fine-grained authorization by evaluating policies against user attributes from Cognito. Mapping Cognito access tokens to Verified Permissions lets the application dynamically enforce access rules based on user attributes stored in Cognito.
👍 2 Pat9595 2025/02/03
- Selected answer: B
B. Verified Permissions works closely with Amazon Cognito user pools. Amazon Cognito JWTs have a predictable structure. Verified Permissions recognizes this structure and draws maximum benefit from the information that it contains. For example, you can implement a role-based access control (RBAC) authorization model with either ID tokens or access tokens.
https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/identity-sources.html
👍 2 layrnyh 2025/02/22
- Selected answer: A
A is the most straightforward and common solution for implementing fine-grained authorization using user attributes in Amazon Cognito. The approach uses IAM roles and policies, which are well-integrated with Cognito identity pools and can be configured dynamically based on user attributes, enabling fine-grained access control.
👍 1 youonebe 2025/01/10