Your Fortune 500 company has undertaken a TCO analysis evaluating the use of Amazon S3 versus acquiring
more hardware. The outcome was that all employees would be granted access to use Amazon S3 for storage of
their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on
from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a
bucket? (Choose 3 Answers)
A. Setting up a federation proxy or identity provider
B. Using AWS Security Token Service to generate temporary tokens
C. Tagging each folder in the bucket
D. Configuring IAM role
E. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket
A, B, D
http://www.aiotestking.com/amazon/you-need-to-consider-so-you-can-set-up-a-solution-that-incorporates-single-sign-on-from/
Pick 3 out of 5 means look for 2 that don’t make sense in my head
Tagging each folder is not necessary
Setting up an IAM user for each user defeats the purpose of AD federation proxy
Answer: A,B & D
Professional Solution Architect question.
Refer: http://jayendrapatil.com/iam-role-identity-providers-federation/