Your company has recently extended its datacenter into a VPC on AWS. There is a requirement for on-premises users to manage AWS resources from the AWS console. You don’t want to create IAM users for them again. Which of the below options will fit your needs for authentication?

Answer options:

A.Use Auth 2.0 to retrieve temporary AWS security credentials to enable your members to sign in to the AWS Management Console.
B.Use web Identity Federation to retrieve AWS temporary security credentials to enable your members to sign in to the AWS Management Console.
C.Use your on-premises SAML2.0-compliant identity provider (IDP) to grant the members federated access to the AWS Management Console via the AWS single-sign-on (SSO) endpoint.
D.Use your on-premises SAML2.0-compliant identity provider (IDP) to retrieve temporary security credentials to enable members to sign in to the AWS management console.

Answer – C
You can use a role to configure your SAML 2.0-compliant IdP and AWS to permit your federated users to access the AWS Management Console. The role grants the user permissions to carry out tasks in the console.
For more information on AWS SAML, please visit the below URL
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html