Question #1339
Which AWS service allows applications to securely assume an IAM role and obtain temporary security credentials for accessing AWS resources?
A. AWS Identity and Access Management (IAM)
B. AWS Security Token Service (AWS STS)
C. AWS Key Management Service (AWS KMS)
D. AWS CloudTrail
Explanation
AWS STS (B) is designed to issue temporary security credentials that allow applications or users to assume IAM roles securely. These credentials are short-lived, enhancing security by reducing the risk of long-term key exposure.
- Why A (IAM) is incorrect: IAM manages users, roles, and permissions but does not directly issue temporary credentials. Roles are defined in IAM, but assuming a role and generating credentials is handled by STS.
- Why C (KMS) is incorrect: AWS KMS manages encryption keys and is unrelated to credential issuance.
- Why D (CloudTrail) is incorrect: CloudTrail logs API activity for auditing, not credential management.
Key Points: AWS STS enables cross-account access, federation, and temporary credentials for roles. Always use STS for short-term access to minimize security risks.
Answer
The correct answer is: B