Thank you for the feedback.
Thank you for your feedback.
This question has two options which are correct and are independent of each other, which means that implementing one option alone is enough to satisfy all the requirements of the question.
One correct option is: The application first authenticates against LDAP to retrieve the name of an IAM role associated with the user. It then assumes that role via a call to the IAM Security Token Service (STS). Afterwards, the application can use the temporary credentials from the role to access the appropriate S3 bucket.
>> This option provides a complete answer as it first authenticates with the LDAP server to verify the user. There is no mention of identity broker on this option, but it states that the “application first authenticates against LDAP” which means the application itself is the broker. After the application successfully authenticates, it contacts the STS service to get the temporary security tokens that will be used for federation.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Kenneth Samonte @ Tutorials Dojo
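As an added example (not part of this reply, and not AWS or Tutorials Dojo code), the broker flow described in that option in Python: LDAP authentication, role lookup, STS AssumeRole, then temporary credentials for S3. The in-memory directory, the `iamRole` attribute name, the role-naming allowlist and the `FakeSTS` stand-in for `boto3.client("sts")` are assumptions constructed so the block runs offline.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the corporate LDAP directory. In production the broker
# binds to LDAP with the user's credentials and reads the role attribute
# ("iamRole" is an assumed attribute name) from the authenticated entry.
FAKE_LDAP = {
    "alice": {"password": "correct horse", "iamRole": "arn:aws:iam::123456789012:role/S3-Reports-Reader"},
    "bob":   {"password": "hunter2",       "iamRole": "arn:aws:iam::123456789012:role/AdminRole"},
}

# Hardening caveat (assumed naming convention): the broker only hands out roles that
# match this pattern, so a writable LDAP attribute cannot be used to assume any role.
ALLOWED_ROLE_PATTERN = re.compile(r"^arn:aws:iam::\d{12}:role/S3-[A-Za-z0-9-]+$")

class AuthError(Exception):
    pass

def ldap_authenticate(username, password):
    """Step 1: verify the user against LDAP and return the IAM role ARN on the entry."""
    entry = FAKE_LDAP.get(username)
    if entry is None or entry["password"] != password:
        raise AuthError("LDAP bind failed")
    return entry["iamRole"]

class FakeSTS:
    """Offline stand-in for boto3.client('sts'); mirrors the AssumeRole response shape."""
    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds=3600):
        expires = datetime.now(timezone.utc) + timedelta(seconds=DurationSeconds)
        return {"Credentials": {"AccessKeyId": "ASIA" + "X" * 16,   # constructed sample values
                                "SecretAccessKey": "constructed-secret",
                                "SessionToken": "token-for-" + RoleSessionName,
                                "Expiration": expires},
                "AssumedRoleUser": {"Arn": RoleArn.replace(":role/", ":assumed-role/") + "/" + RoleSessionName}}

def broker_credentials(username, password, sts=None, duration=900):
    """Steps 2-3: the application (acting as broker) assumes the user's role via STS
    and returns short-lived credentials; no long-term AWS keys are ever issued."""
    role_arn = ldap_authenticate(username, password)
    if not ALLOWED_ROLE_PATTERN.match(role_arn):
        raise AuthError("role not permitted by broker policy: " + role_arn)
    session_name = re.sub(r"[^\w+=,.@-]", "_", username)[:64]   # valid RoleSessionName chars
    sts = sts or FakeSTS()   # production: boto3.client("sts")
    return sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                           DurationSeconds=duration)["Credentials"]
    # Step 4 (production): boto3.Session(aws_access_key_id=creds["AccessKeyId"],
    #   aws_secret_access_key=creds["SecretAccessKey"],
    #   aws_session_token=creds["SessionToken"]).client("s3").get_object(...)

def broker_denies(username, password):
    """True if the broker refuses to issue credentials for this login."""
    try:
        broker_credentials(username, password)
        return False
    except AuthError:
        return True
```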