AWS Certified Solutions Architect Associate SAA-C03 Practice Question

The best solution is to set up identity federation using AWS IAM roles with Security Assertion Markup Language (SAML) integration to the company's corporate identity provider (IdP). This approach enables employees to authenticate using their existing corporate credentials and assume IAM roles to access AWS services. It minimizes administrative overhead by removing the need to create and manage individual IAM user accounts in AWS. This method adheres to security best practices by enforcing the principle of least privilege through role-based access control.

Creating individual IAM user accounts for all employees increases management complexity and potential security risks associated with credential management. Using AWS Directory Service to synchronize the corporate directory is unnecessary if SAML federation is available as it adds extra complexity and cost. Implementing Amazon Cognito is more suitable for customer-facing web and mobile applications as it provides user login service via social media profile. Hence, is not designed for providing federated access to AWS resources for internal employees.