A company uses Microsoft Active Directory for access management for on-premises resources, and wants to use the same mechanism for accessing its AWS accounts. Additionally, the Development team plans to launch a public facing application for which they need a separate authentication solution.
Which combination of the following would satisfy these requirements? (Choose two.)
A. Set up domain controllers on Amazon EC2 to extend the on-premises directory to AWS.
B. Establish network connectivity between on-premises and the user’s VPC.
C. Use Amazon Cognito user pools for application authentication.
D. Use AD Connector for application authentication.
E. Set up federated sign-in to AWS through ADFS and SAML.
It is not clear. Please have a look at the link below.
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html
I guess about:
– “same mechanism for accessing its AWS accounts”. Correct answer is: D. Use AD Connector for application authentication.
– “to launch a public facing application”. Correct answer is: C. Use Amazon Cognito user pools for application authentication.
So for me the correct answers are D & C.
Sorry, both D & C talk about application authentication, so both can't be the solution.
I guess it is: C & E
– “same mechanism for accessing its AWS accounts”. Correct answer is: E. Set up federated sign-in to AWS through ADFS and SAML.
Correct answers are C and E.
The requirement has 2 important objectives. The company wants on-premises AD to authenticate for both existing on-premises resources and an incoming public-facing application.
Amazon Cognito user pool with SAML ID provider (ADFS) meets it. Amazon Cognito user pool can integrate with applications easily.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html
The combination of options A and B only extends on-premises AD to AWS. It does not provide authentication for applications.
https://aws.amazon.com/blogs/security/securely-extend-and-access-on-premises-active-directory-domain-controllers-in-aws/
The combination of options B and D provides user authentication for the AWS Management Console through on-premises AD.
https://aws.amazon.com/premiumsupport/knowledge-center/enable-active-directory-console-access/
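As an added example (not from any commenter and not AWS code), a small check over the trust policy of an IAM role used for the ADFS/SAML federated sign-in in option E: it verifies that only the expected SAML provider can call AssumeRoleWithSAML and that the SAML:aud condition is pinned to the AWS sign-in endpoint. The account id and provider name are constructed placeholders.

```python
import json

# Constructed sample trust policies for an IAM role assumed through ADFS/SAML
# federation (option E); account id and provider name are placeholders.
PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/ADFS"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
    }],
})

# Same role with the audience condition dropped: an assertion the IdP issued
# for some other service provider would also be accepted for this role.
NO_AUDIENCE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithSAML",
    }],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_saml_trust(policy_json, expected_provider_arn):
    """Return findings; empty means every Allow of AssumeRoleWithSAML names only
    the expected SAML provider and pins SAML:aud to the AWS sign-in endpoint."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRoleWithSAML", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if federated != [expected_provider_arn]:
            findings.append(f"unexpected federated principal(s): {federated}")
        if stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud") != AWS_SAML_AUDIENCE:
            findings.append("SAML:aud is not pinned to the AWS sign-in endpoint")
    return findings
```

Run the check against every role that carries your federation permission set; a role that trusts a different provider ARN or lacks the audience condition shows up as a finding.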
C&E
AA
B&E
C, E is correct