Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

Get $4 OFF in AWS Solutions Architect & Data Engineer Associate Practice Exams for $10.99 each ONLY!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Developer Associate Review Mode Practice Set 5 – Q6

  • Review Mode Practice Set 5 – Q6

     Carlo-TutorialsDojo updated 2 years, 10 months ago 2 Members · 2 Posts
    AWS Certified Developer Associate

  • jram

    Member
    June 7, 2021 at 3:23 pm

    Hello, the explanation of this question says: “All of the options given provide temporary credentials to make API calls
    against AWS resources, but GetSessionToken is the only API that
    supports MFA”.

    However, AssumeRole is defined like – “It is useful for allowing existing IAM users
    to access AWS resources that they don’t already have access to. For
    example, the user might need access to resources in another AWS account.
    It is also useful as a means to temporarily gain privileged access—for
    example, to provide multi-factor authentication (MFA). You must call
    this API using existing IAM user credentials”.

    That clearly indicates that AssumeRole also supports MFA so GetSessionToken is not the only API that supports MFA. Could you clarify this point? Thank you in advance.

  • Carlo-TutorialsDojo

    Administrator
    June 9, 2021 at 12:28 am

    Hello Joyce,

    Thanks for your feedback.

    The given options in this question are the ff:

    AssumeRoleWithWebIdentity

    AssumeRoleWithSAML

    GetFederationToken

    GetSessionToken

    AssumeRole is not of them, hence the rationale, “all of the options given provide temporary credentials to make API calls against AWS resources, but GetSessionToken is the only API that supports MFA”

    Let me know if this answers your question.

    Regards,

    Carlo @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now