AWS Certified SysOps Administrator SOA-C01 – Question763

An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?

A.
Map the group attribute to an AWS group. The AWS group is assigned IAM policies that govern access to AWS resources.
B. Map the policy attribute to IAM policies the federated user is assigned to. These policies govern access to AWS resources.
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
D. Map the user attribute to an AWS user. The AWS user is assigned specific IAM policies that govern access to AWS resources.

Correct Answer: C

Explanation:

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/ id_roles_providers_create_saml_assertions.html