
Answer-first summary for fast verification
Answer: Activate AWS IAM Identity Center (AWS Single Sign-On) and configure the directory as an external SAML-based identity provider (IdP). Enable automatic provisioning. Create a new IAM role with a SAML 2.0 federation entity type and a role policy that allows access to the ALB. Attach this role to all relevant groups. Create a listener rule for the ALB that uses the authenticate-cognito action.
The correct answer is D. The question specifies that the company must authenticate users to the application using an existing AWS Directory Service for Microsoft Active Directory directory. AWS IAM Identity Center (formerly AWS Single Sign-On) is designed to work with Microsoft Active Directory, including for internal applications served on an intranet. The solution configures the directory as an external identity provider using SAML, creates the required IAM role with SAML 2.0 federation, and adds a listener rule with the appropriate authentication action to the ALB. This provides integration and access management consistent with the company's requirements.
Author: LeetQuiz Editorial Team
A company operates an intranet web application on Amazon EC2 instances behind an Application Load Balancer (ALB). Initially, user authentication was handled through an internal user database. The company now requires integration with an existing AWS Directory Service for Microsoft Active Directory directory so that all users authenticate with their directory accounts. What solution should be implemented to meet this requirement?
A. Develop a new application client within the directory. Establish a listener rule for the ALB, utilizing the authenticate-oidc action. Set up the rule with the necessary issuer, client ID, secret, and endpoint details for the Active Directory service. Ensure the new application client is configured with the ALB's provided callback URL.
B. Set up an Amazon Cognito user pool, integrating it with a federated identity provider (IdP) that contains metadata from the directory. Generate an application client, linking it to the user pool. Create a listener rule for the ALB, specifying the authenticate-cognito action. Configure the rule to utilize the user pool and application client.
C. Integrate the directory as a new IAM identity provider (IdP). Establish a new IAM role with a SAML 2.0 federation entity type. Define a role policy granting access to the ALB. Set this role as the default for authenticated users associated with the IdP. Create a listener rule for the ALB, employing the authenticate-oidc action.
D. Activate AWS IAM Identity Center (AWS Single Sign-On) and configure the directory as an external SAML-based identity provider (IdP). Enable automatic provisioning. Create a new IAM role with a SAML 2.0 federation entity type and a role policy that allows access to the ALB. Attach this role to all relevant groups. Create a listener rule for the ALB that uses the authenticate-cognito action.