One of the questions of the "Identity Access Management, S3 & Security Policies Quiz" asks:
"Which of the following can you achieve using Amazon Cognito? (Choose 2)"
The result view lists "Federated access to your web application for Active directory users" as a wrong answer.
I do not believe that this is 100% true.
Recently, I set up Active Directory using AWS Directory Service and connected it to AWS SSO .
Then I connected AWS SSO with a Cognito SAML identity provider .
Although this configuration (AWS Directory Service -> SSO -> SAML -> Cognito) is not officially documented by AWS, it is a valid solution and contradicts the correct answers to the question above.
What do you think?
Tough one. More importantly, what do the Amazon exam authors think?
I’ll ticket this to content development to review.
I need to look into this.
From a training perspective, we like to stick to the official AWS view as that is what the students will be tested on. However the fact that it works out of the box would seem to make it valid option official or not.
My initial thinking is that If I edit the question I would more likely constrain the question rather that accept an unofficial approach.
I am getting some other pinions and then we will change the questions 😉
Moderator & Coach
I’ve had a think about this and although what you’ve done is technically possible it may not be a supported scenario. It adds a bit of extra complexity that might make this setup difficult to manage. From an architectural best practice perspective, we should always seek to avoid unnecessary complexity where possible.
I will update the question to refer to ‘best practice’ rather than what is possible!
hope that helps