AWS Certified Developer Associate DVA-C01 – Question280

A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript.
How would the developer securely call the API without exposing the access or secret keys?

A.
Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.
B. Run the web application in an Amazon EC2 instance with the instance profile configured.
C. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption.
D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.