🔥 3-day streak
AWS Certified Security - Specialty148 / 157
Question 148 of 157
A company is building a mobile application that must call an Amazon DynamoDB table on behalf of end users. Users authenticate through a public OpenID Connect (OIDC) identity provider (such as Google or a Cognito user pool acting as an OIDC IdP). The security team requires that the mobile app never embed long-term AWS credentials and that each user receive only temporary credentials scoped to their own data. Which approach meets these requirements with the least long-term credential exposure?
Reviewed for accuracy · Report an issueNext question