AWS Certified Security - Specialty (#90)

A Security Engineer is working with a Product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services; and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the Engineer take to enable users to be authenticated into the web application and call APIs? (Choose three.)

Create a custom authorization service using AWS Lambda.
Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
Configure an Amazon Cognito identity pool to integrate with social login providers.
Update DynamoDB to store the user email addresses and passwords.
Update API Gateway to use a