Which two approaches can satisfy these objectives?

A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Service (S3) keyspace specific to that user.

Which two approaches can satisfy these objectives? (Choose 2 answers)
A. Develop an identity broker that authenticates against IAM Security Token Service to assume an IAM role in order to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
B. The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role. The application can use the temporary credentials to access the appropriate S3 bucket.
C. Develop an identity broker that authenticates against LDAP and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
D. The application authenticates against LDAP. The application then calls the AWS Identity and Access Management (IAM) Security service to log in to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
E. The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.

Answer: B, C
