AWS Certified Developer – Associate (DVA-C02) — Question 454
A company has an application that uses an Amazon Cognito user pool for authentication. A developer needs to add a new REST API that will use the user pool to authenticate requests.
Which solution will meet this requirement with the LEAST development effort?
Answer options
- A. Create a new API key and a new usage plan. Associate the API key and the REST API with the usage plan.
- B. Create a Cognito authorizer for the correct user pool. Reference the header that contains the Cognito token.
- C. Create an AWS Lambda token authorizer. Reference the authorization token in the event payload. Authenticate requests based on the token value.
- D. Create an AWS Lambda request authorizer. Reference the authorization header in the event payload. Authenticate requests by using the header value in a request to the Cognito API.
Correct answer: B
Explanation
Using a native Amazon Cognito authorizer in API Gateway (option B) requires the least development effort because it integrates directly with the user pool without requiring any custom code. AWS Lambda authorizers, both the token type (option C) and the request type (option D), would require writing, testing, and maintaining custom code to validate the tokens. API keys and usage plans (option A) are designed for rate limiting and usage tracking rather than authenticating users via Cognito.