Question 232:
Your company uses a web identity federation to manage user identities. Some users call the AssumeRoleWithWebIdentity API to assume an IAM role to access the AWS RDS resources. The session duration is set as 1 hour. Users complain that the timer is too short and increase the DurationSeconds to 2 hours in the AssumeRoleWithWebIdentity API. However, the operation has failed. How would you resolve this problem?
Answer options:
A.The maximum session duration is defined in the web identity provider. Check its settings and make sure the maximum session duration is over 2 hours. B.The session duration defined in AssumeRoleWithWebIdentity API is 1 hour and cannot be modified. Users need to resend the API for the credentials before the session expires. C.The session duration can not be more than the maximum value set in the IAM role. Check the maximum session duration setting for the IAM role and increase the value if needed. D.The change needs to be done in the Google identity provider. Sign up as a developer with the Google IdP and configure the app with the new session timeout.
