AWS Certified Solutions Architect – Professional SAP-C01 – Question617

A solutions architect is implementing federated access to AWS for users of the company’s mobile application. Due to regulatory and security requirements, the application must use a custom-built solution for authenticating users and must use IAM roles for authorization.
Which of the following actions would enable authentication and authorization and satisfy the requirements? (Choose two.)

A.
Use a custom-built SAML-compatible solution for authentication and AWS SSO for authorization.
B. Create a custom-built LDAP connector using Amazon API Gateway and AWS Lambda for authentication. Store authorization tokens in Amazon DynamoDB, and validate authorization requests using another Lambda function that reads the credentials from DynamoDB.
C. Use a custom-built OpenID Connect-compatible solution with AWS SSO for authentication and authorization.
D. Use a custom-built SAML-compatible solution that uses LDAP for authentication and uses a SAML assertion to perform authorization to the IAM identity provider.
E. Use a custom-built OpenID Connect-compatible solution for authentication and use Amazon Cognito for authorization.

Correct Answer: AC