AWS Certified Developer – Associate — Question 104

A developer wants to implement authentication using Amazon Cognito user pools for an existing API in Amazon API Gateway. After creating the Amazon Cognito user pool, the developer tests the GET request to the API. Unauthenticated requests to the API return a 200 OK status response.

Which combination of additional steps are required to complete the authentication implementation? (Choose two.)

Answer options

• A. Create an Amazon Cognito authorizer in API Gateway and specify the Amazon Cognito user pool.
• B. Create an AWS Lambda authorizer in API Gateway and specify the Amazon Cognito user pool.
• C. Specify the authorizer in the GET method section of API Gateway and redeploy the API
• D. Use Amazon Cognito user pools to make and authenticate the request to API Gateway.
• E. Create an Amazon Cognito authorizer in API Gateway and specify the Amazon Cognito identity pool.

Correct answer: A, C

Explanation

The correct answer is A and C because creating an Amazon Cognito authorizer in API Gateway allows the API to use the user pool for authentication, and specifying the authorizer in the GET method ensures that authentication is enforced for that method. Options B and E are incorrect as they refer to using a Lambda authorizer and an identity pool, which are not necessary in this scenario. Option D is also incorrect because it does not address the need for an authorizer in API Gateway.