AWS Certified Developer – Associate (DVA-C02) — Question 442

A developer is working on a new authorization mechanism for an application. The developer must create an Amazon API Gateway API and must test JSON Web Token (JWT) authorization on the API.

The developer must use the built-in authorizer and must avoid managing the code with custom logic. The developer needs to define an API route that is available at /auth to test the authorizer configuration.

Which solution will meet these requirements?

Answer options

• A. Create a WebSocket API and the /auth route. Configure and attach the JWT authorizer to the API. Deploy the API.
• B. Create a WebSocket API and the /auth route. Create and configure an AWS Lambda authorizer. Attach the Lambda authorizer to the API. Deploy the API.
• C. Create an HTTP API and the /auth route. Create and configure an AWS Lambda authorizer. Attach the Lambda authorizer to the /auth route. Deploy the API.
• D. Create an HTTP API and the /auth route. Configure the JWT authorizer. Attach the JWT authorizer to the /auth route. Deploy the API.

Correct answer: D

Explanation

Amazon API Gateway HTTP APIs natively support built-in JWT authorizers, which eliminates the need to write and manage custom code. WebSocket APIs do not support native JWT authorizers, ruling out options A and B. Using an AWS Lambda authorizer, as suggested in option C, requires custom code management, which violates the requirement to use a built-in authorizer.