AWS Certified Developer – Associate (DVA-C02) — Question 16

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?

Answer options

• A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.
• B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.
• C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.
• D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Correct answer: B

Explanation

The correct answer is B because using an Amazon Cognito post-authentication Lambda trigger allows for direct invocation of the Lambda function right after a user logs in, ensuring efficient and streamlined processing. Options A and C require additional components that complicate the architecture and introduce latency, while option D involves unnecessary complexity by streaming logs, which is not as efficient as directly using the trigger.