A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows
application sign-in using an OpenID Connect-compatible identity provider. Which AWS
Security Token Service approach to temporary access should you use for the Amazon S3
operations?
A. SAML-based Identity Federation
B. Cross-Account Access
C. AWS Identity and Access Management roles
D. Web Identity Federation
Explanation:
Web identity federation – You can let users sign in using a well-known third-party identity
provider such as Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0
compatible provider.
AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any
OpenID Connect (OIDC)-compatible identity provider.