A company hosts a web application from an Amazon S3 bucket. The application uses Amazon Cognito to authenticate users and returns a JSON Web Token (JWT) that grants access to protected resources stored in another S3 bucket. After deployment, users report errors and cannot access the protected content. A solutions architect must provide the correct permissions so users can access the protected content. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content..
Why this is the answer
The correct solution is to update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content. Amazon Cognito Identity Pools allow you to grant authenticated users temporary AWS credentials to access AWS services directly. By configuring the identity pool with an IAM role that has permissions to the protected S3 bucket, users authenticated through Cognito will receive credentials that allow them to access the protected content. Updating the S3 ACL is incorrect because ACLs are generally used for object-level permissions and are not the primary mechanism for granting authenticated application users access to S3 buckets via Cognito. Redeploying the application is irrelevant to permission issues. Custom attribute mappings in Cognito are for user profile data, not for granting AWS resource access.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed