AWS Certified Developer – Associate — Question 440

A developer is implementing user authentication and authorization for a web application that is hosted on an Amazon EC2 instance. The developer needs to ensure that the user credentials are encrypted and secure when they are stored and transmitted.
Which solution will meet these requirements?

Answer options

• A. Activate web server modules for authentication and authorization on the instance. Use HTTP basic authentication for the user login.
• B. Deploy a custom authentication and authorization API over HTTP. Store the user credentials on Amazon ElastiCache for Redis.
• C. Use Amazon Cognito to configure a user pool. Use the Amazon Cognito API to authenticate and authorize the users.
• D. Create IAM users. Assign the users to different IAM groups. Use AWS Single Sign-On to authenticate and authorize each user.

Correct answer: C

Explanation

Amazon Cognito user pools provide a fully managed, secure user directory that automatically handles the encryption of user credentials at rest and in transit. Implementing HTTP basic authentication (Option A) or custom APIs over unencrypted HTTP (Option B) exposes credentials to interception. Using IAM users (Option D) is intended for AWS resource management and is not suitable or scalable for end-user authentication in a web application.