AWS Certified Developer – Associate — Question 393
A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?
Answer options
- A. Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.
- B. Configure the ALB to use Amazon Cognito as one of the authentication providers.
- C. Configure CloudFront to use Amazon Cognito as one of the authentication providers.
- D. Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.
Correct answer: B
Explanation
Application Load Balancers (ALBs) natively support integration with Amazon Cognito, which authenticates users through social identity providers. With this built-in feature the ALB offloads the authentication process securely, so the application needs no custom authentication code. Lambda authorizers are an API Gateway feature and are not natively supported on the ALB in the same way, which rules out options A and D. CloudFront does not have a direct built-in configuration for Cognito authentication providers, which rules out option C.