AWS Certified Cloud Practitioner / Question #1339 of 719

Question #1339

Which AWS service allows applications to securely assume an IAM role and obtain temporary security credentials for accessing AWS resources?

A. AWS Identity and Access Management (IAM)

B. AWS Security Token Service (AWS STS)

C. AWS Key Management Service (AWS KMS)

D. AWS CloudTrail

Explanation

AWS STS (B) is the service that issues temporary security credentials when an application or user assumes an IAM role. These credentials are short-lived, which enhances security by reducing the risk of long-term key exposure.

- Why A (IAM) is incorrect: IAM manages users, roles, and permissions but does not directly issue temporary credentials. Roles are defined in IAM, but assuming a role and generating credentials is handled by STS.
- Why C (KMS) is incorrect: AWS KMS manages encryption keys and is unrelated to credential issuance.
- Why D (CloudTrail) is incorrect: CloudTrail logs API activity for auditing, not credential management.

Key Points: AWS STS enables cross-account access, federation, and temporary credentials for roles. Always use STS for short-term access to minimize security risks.

Answer

The correct answer is: B