AWS Certified Developer – Associate (DVA-C02) — Question 295
A developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that run behind an Amazon API Gateway HTTP API.
The developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities.
Which solution will meet these requirements?
Answer options
- A. Create Amazon Cognito user pools for external social identity providers. Configure IAM roles for the identity pools.
- B. Program the sign-in page to create users' IAM groups with the IAM roles attached to the groups.
- C. Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS.
- D. Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached IAM policy.
Correct answer: A
Explanation
Amazon Cognito user pools and identity pools together provide fully managed authentication and authorization, which minimizes operational overhead by offloading identity management to trusted external social providers. Options B, C, and D are incorrect because each requires the developer to manually manage user credentials, database infrastructure, or complex IAM policies, which significantly increases operational and security overhead.