Hi SalientListener,
Good day!
Thank you for your feedback.
To clarify why option (3) is correct, it is because it follows the correct sequence in conjunction with option (1). This means that it still uses an identity broker. The application first authenticates against LDAP to retrieve the name of an IAM role associated with the user and then assumes that role via a call to IAM Security Token Service (STS). The temporary credentials from this role allow access to the appropriate S3 bucket.
Option (2) is incorrect because, as explained in its explanation, it doesn’t follow the necessary sequence. It implies a direct interaction with STS without appropriately leveraging the identity broker to mediate the authentication process with LDAP.
I hope this clarifies the reasoning behind the correct answers. If you have more clarifications, please let us know.
Regards,
Neil @ Tutorials Dojo
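
The sequence described in the reply above (LDAP authentication first, then an STS role assumption by the broker), as an added example that is not part of the original post or of Tutorials Dojo's material. The account ID, user, role name, and the `FakeDirectory` and `FakeSTS` stubs are constructed assumptions; `FakeSTS.assume_role` takes the same keyword arguments as the boto3 STS client call, so a real client could be passed in its place.

```python
import hmac
import re

ACCOUNT_ID = "123456789012"  # placeholder account id (assumption)
ROLE_NAME_RE = re.compile(r"[\w+=,.@-]{1,64}", re.ASCII)  # characters allowed in an IAM role name
SESSION_BAD_RE = re.compile(r"[^\w+=,.@-]", re.ASCII)     # characters not allowed in RoleSessionName

class FakeDirectory:
    """Constructed stand-in for LDAP: credential check plus a role-name attribute."""
    def __init__(self, users):
        self.users = users  # {uid: (password, iam_role_name)}
    def authenticate(self, uid, password):
        entry = self.users.get(uid)
        if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
            return entry[1]
        return None

class FakeSTS:
    """Constructed stand-in for an STS client; records each assume_role call."""
    def __init__(self):
        self.calls = []
    def assume_role(self, **kwargs):
        self.calls.append(kwargs)
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE",
                                "SecretAccessKey": "constructed", "SessionToken": "constructed"}}

def broker_credentials(directory, sts, uid, password):
    """Identity broker: authenticate against the directory, then assume the mapped role."""
    role_name = directory.authenticate(uid, password)
    if role_name is None:
        return None  # failed LDAP authentication: STS is never called
    if not ROLE_NAME_RE.fullmatch(role_name):
        raise ValueError("directory returned an invalid role name")
    resp = sts.assume_role(
        RoleArn=f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}",
        RoleSessionName=("ldap-" + SESSION_BAD_RE.sub("-", uid))[:64],  # ties CloudTrail entries to the user
        DurationSeconds=900,  # shortest lifetime AssumeRole accepts
    )
    return resp["Credentials"]  # temporary credentials the application uses for S3

if __name__ == "__main__":
    directory = FakeDirectory({"alice": ("s3cret", "S3ReportsReader")})
    print(broker_credentials(directory, FakeSTS(), "alice", "s3cret")["AccessKeyId"])
    print(broker_credentials(directory, FakeSTS(), "alice", "wrong"))
```

The application only ever receives the temporary credentials; the permission to call `assume_role` stays with the broker.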