Exam AWS Certified Developer Associate topic 1 question 64 discussion

For me its A. Option B) Identity pool are used to request permissions to access aws resources not for login. Option C) I am using S3 with a serverless application and also only 1 EC2 instance is not enough to serve multiple users. D)IAM permissions are more for internal aws accoun users not end users

A) Correct - Amazon Cognito is specifically designed for authentication and user management in serverless applications. It provides built-in features for user registration, sign-in, and sign-out,

A. Create an Amazon Cognito user pool and an app client. Configure the app client to use the user pool and provide the hosted web UI provided for sign-up and sign-in. Here's why this is the most suitable option: Amazon Cognito is a fully managed identity provider service that offers authentication and authorization capabilities. It is designed to handle user registration and authentication with ease. Creating an Amazon Cognito user pool allows you to securely manage user registration, sign-up, and sign-in processes for your application. It provides features like multi-factor authentication, password policies, and user attribute customization.

Can someone explain me why we don't use Amazon Cognito Identity pools? The application, a part from the authentication process, needs to access AWS resources like API Gateway and the Web site on S3. Since we are using these services, shouldn't we use Identity pools?

Option A is the best option because it provides a solution that is easy to configure and implement while providing secure registration and authentication for the application.

Saw this question in the exam today (Feb 2023)

The answer is A - cognito user pools. For those who are saying B (cognito identity pools), please read about the difference between the two of these services. User pools provide sign-up and login kind of functionality, whereas identity pools are for authentication to AWS services and they give the client a temporary IAM access.

My answer is A. Everything related to S3 and DynDb is already done, the question is tricky. The only requirement is signup and authentication, which is a Cognito User Pool side.

Keywords "provides registration and authentication" not authorization. So A it is

I'm inclined toward option B

B meets both requirements. I would say https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html

B meets both requirements: "securely provides registration and authentication for the application" "minimizing the amount of configuration".

i choose A, but none of the answers mentions accessing dynamo db. i'm assuming lambda is accessing dynamo db

Amazon Cognito User Pools are used for authentication. Identity Pools are used for User Authorization.

A. Twist of words when author describes application architecture within the question. For this qn it’s should be in the perspective of client instead of software engineer.

The question clearly states it needs registration and authentication. Plus the answer B is wrong as it states mapping the IAM users with Identity roles

It should be B as we are talking about giving access to S3 and dynamoDB from it.