Your company has developed a web application using the AWS SDK to access data stored in an Amazon DynamoDB table. You want to ensure that the API keys for access to DynamoDB are kept secure, and you do not want to write your own sign-in code logic. Which of the following methods is the most appropriate?

Answer options:

A.Create an IAM user with access to the specific DynamoDB tables, and assign it to the application.
B.Configure your AWS access keys for the application to use the keys to access DynamoDB.C.Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials.
D.Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.

Answer – C
With web identity federation, you don`t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don`t have to embed and distribute long-term security credentials with your application.
For more information on Web Identity Federation, please refer to the below document:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html