A development team is creating a mobile app that needs access to AWS resources such as S3 buckets and RDS instances. The team plans to configure a web identity federation with Google identity provider to manage user identities outside of AWS.
IAM roles have been created for the web identity federation. After users authenticate with Google, Secure Token Service (STS) has returned the AWS credentials to the app.
Which information exists in the STS response to AssumeRoleWithWebIdentity?

Answer options:

A.The credentials including SessionToken, SecretAccessKey and AccessKeyId.
B.The policy ARN that is used by the web identity IAM role.
C.The WebIdentityToken which is used to access AWS resources.
D.The SAMLAssertion returned by the Google identity provider.

Answer : A
Option A is CORRECT because the temporary security credentials returned by STS include SessionToken, SecretAccessKey, and AccessKeyId. Applications can use these credentials to sign calls to AWS service API operations.
Option B is incorrect because the policy ARN only appears in the AssumeRoleWithWebIdentity request to STS.
Option C is incorrect because the WebIdentityToken is provided by the identity provider. The token exists in the AssumeRoleWithWebIdentity request.
Option D is incorrect because there is no SAMLAssertion information, and the web identity federation does not use SAML.
Reference:
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html.