External User Authorization into S3
Kenneth-Samonte-Tutorials-Dojo updated 1 year, 7 months ago · 2 Members · 2 Posts
For the question: “A government technology agency has recently hired a team to build a mobile tax app that allows users to upload their tax deductions and income records using their devices. The app would also allow users to view or download their uploaded files later on. These files are confidential, tax-related documents that need to be stored in a single, secure S3 bucket. The mobile app’s design is to allow the users to upload, view, and download their files directly from an Amazon S3 bucket via the mobile app. Since this app will be used by potentially hundreds of thousands of taxpayers in the country, the solutions architect must ensure that proper user authentication and security features are in place.”
The correct answer involves RDS, and assigning an IAM S3 role on successful authentication. However, won’t this solution be utterly missing any object-level controls, because of just using IAM roles? What’s the mechanism for keeping individual taxpayers from accessing each other’s data, since everything’s just piled in the same bucket?
This situation seems tailor-made for Cognito, since the Cognito user can be part of their S3 permissions: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html
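As an added illustration of the per-user isolation the post above asks about (this is not part of the original thread), the policy below follows the pattern in the linked AWS documentation: the `${cognito-identity.amazonaws.com:sub}` policy variable is resolved at request time to the authenticated Cognito identity, so each taxpayer can only list and read/write keys under their own prefix, even though every object lives in the same bucket. The bucket name `tax-docs-bucket` is a placeholder assumed for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyOwnPrefix",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::tax-docs-bucket"],
      "Condition": {
        "StringLike": {
          "s3:prefix": ["${cognito-identity.amazonaws.com:sub}/*"]
        }
      }
    },
    {
      "Sid": "ObjectAccessOnlyUnderOwnPrefix",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": [
        "arn:aws:s3:::tax-docs-bucket/${cognito-identity.amazonaws.com:sub}/*"
      ]
    }
  ]
}
```

The same object-level scoping is possible without Cognito: a backend that authenticates users against its own store (such as the RDS database in the question) can call STS `AssumeRole` for the S3 role and pass a session policy that narrows the resulting temporary credentials to that user's prefix, so the role itself stays broad while each credential set handed to the mobile app is confined to one user's folder. Either way, the check a reviewer should look for is that the prefix in the policy is derived from the authenticated identity, never from a client-supplied value.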
-
Hi PeterMescher,
Thank you for the feedback.
I understand that Amazon Cognito could be a possible solution for this particular scenario.
On AWS there are multiple solutions that may accomplish the same outcome. Some solutions are preferable to others depending on the scenario.
On this particular question, we want to create a complex scenario that involves RDS and Amazon S3 access with IAM permissions. We have other questions in our question bank that have a similar authentication scenario with Amazon Cognito. For this question, we want to provide some alternative solutions to previous answers. Please note that this is a Professional level exam and we try to mimic AWS scenarios. Some of the questions do not explicitly show the obvious keywords or phrases that will easily point to the answer.
Hope this helps.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo