AWS Certified Solutions Architect – Associate (SAA-C03) — Question 351

A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company's user base grows while providing the lowest login latency possible.

Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
• B. Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.
• C. Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
• D. Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Correct answer: A

Explanation

Amazon Cognito is a fully managed, serverless authentication service that offers a generous free tier (up to 50,000 monthly active users), making it highly cost-effective for small user bases. Pairing Cognito with Lambda@Edge and Amazon CloudFront allows authorization checks to run at edge locations near the users, which minimizes login latency on a global scale. Options utilizing AWS Directory Service for Microsoft Active Directory are not serverless and carry high baseline hourly costs, while options without CloudFront fail to deliver the lowest possible latency globally.