Home › Forums › AWS › AWS Certified Developer Associate › Review Mode Practice Set 5 – Q6
-
Review Mode Practice Set 5 – Q6
Carlo-TutorialsDojo updated 3 years, 4 months ago 2 Members · 2 Posts -
Hello, the explanation of this question says: “All of the options given provide temporary credentials to make API calls
against AWS resources, but GetSessionToken is the only API that
supports MFA”.However, AssumeRole is defined like – “It is useful for allowing existing IAM users
to access AWS resources that they don’t already have access to. For
example, the user might need access to resources in another AWS account.
It is also useful as a means to temporarily gain privileged access—for
example, to provide multi-factor authentication (MFA). You must call
this API using existing IAM user credentials”.That clearly indicates that AssumeRole also supports MFA so GetSessionToken is not the only API that supports MFA. Could you clarify this point? Thank you in advance.
-
Hello Joyce,
Thanks for your feedback.
The given options in this question are the ff:
AssumeRoleWithWebIdentity
AssumeRoleWithSAML
GetFederationToken
GetSessionToken
AssumeRole is not of them, hence the rationale, “all of the options given provide temporary credentials to make API calls against AWS resources, but GetSessionToken is the only API that supports MFA”
Let me know if this answers your question.
Regards,
Carlo @ Tutorials Dojo
Log in to reply.