A company requires federated access to AWS for users of a mobile application. The security team has mandated that the application must use a custom-built solution for authenticating users and use IAM roles for authorization. Which of the following actions would enable authentication and authorization and satisfy the requirements? (Select TWO.)