AWS Certified Security Specialty Exam Questions

Question 229:

You are in charge of migrating on-premises infrastructure and applications to the AWS platform. The company already has a local identity provider and prefers to continue using it in AWS.
Most developers and QA engineers need to log in to the AWS Management Console to control AWS resources, and they do not want to remember another password for AWS access.
How would you configure the identity services?

Answer options:

A. Create an AWS Managed Microsoft AD and configure a trust relationship between AWS Managed Microsoft AD and the existing local IdP. Configure users and groups with access to resources in AWS, using single sign-on (SSO).
B. Establish the trust between a local OIDC-compatible IdP and your AWS account. Users sign in using the local OIDC IdP, get an authentication token and then log in to the AWS Management Console with the token.
C. Create a Simple AD in AWS which is powered by a Samba 4 Active Directory Compatible Server. Enable federated access to the AWS Management Console via the AWS single sign-on endpoint.
D. Create an IAM SAML 2.0 identity provider and create an AWS role that permits your organization's IdP to request temporary security credentials for access to AWS and configure the relying party trust between your IdP and AWS.