A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. The company does not want users to maintain another identity to access the resources. A solutions architect must manage user access to AWS resources while preserving access to the on-premises resources. What should the solutions architect do to meet these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure Security Assertion Markup Language (SAML) 2.0-based federation. Create roles with the appropriate policies attached. Map the roles to the Active Directory groups..
Why this is the answer
The correct answer is to configure SAML 2.0-based federation. This allows the company to integrate their existing Active Directory with AWS, enabling users to sign in to AWS using their existing corporate credentials. By mapping Active Directory groups to AWS IAM roles, the company can manage permissions centrally and avoid creating duplicate identities. Creating an IAM user for each user is impractical for 1,500 users and requires managing separate credentials. Amazon Cognito is primarily for web and mobile applications and doesn't directly integrate with on-premises Active Directory for enterprise user management in this manner. Defining cross-account roles is for granting access between AWS accounts, not for integrating with an on-premises identity provider.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed