AWS Certified Solutions Architect – Associate (SAA-C03) — Question 747

An analytics company uses Amazon VPC to run its multi-tier services. The company wants to use RESTful APIs to offer a web analytics service to millions of users. Users must be verified by using an authentication service to access the APIs.

Which solution will meet these requirements with the MOST operational efficiency?

Answer options

• A. Configure an Amazon Cognito user pool for user authentication. Implement Amazon API Gateway REST APIs with a Cognito authorizer.
• B. Configure an Amazon Cognito identity pool for user authentication. Implement Amazon API Gateway HTTP APIs with a Cognito authorizer.
• C. Configure an AWS Lambda function to handle user authentication. Implement Amazon API Gateway REST APIs with a Lambda authorizer.
• D. Configure an IAM user to handle user authentication. Implement Amazon API Gateway HTTP APIs with an IAM authorizer.

Correct answer: A

Explanation

Amazon Cognito user pools provide a fully managed user directory that handles user registration and authentication, integrating natively with Amazon API Gateway REST APIs using a Cognito authorizer. This solution requires no custom code, making it the most operationally efficient choice. In contrast, using AWS Lambda requires custom coding and maintenance, while Cognito identity pools are meant for authorizing access to AWS resources rather than authenticating application users.