AWS Certified Solutions Architect – Associate (SAA-C03) — Question 827

A company wants to restrict access to the content of its web application. The company needs to protect the content by using authorization techniques that are available on AWS. The company also wants to implement a serverless architecture for authorization and authentication that has low login latency.

The solution must integrate with the web application and serve web content globally. The application currently has a small user base, but the company expects the application's user base to increase.

Which solution will meet these requirements?

Answer options

• A. Configure Amazon Cognito for authentication. Implement Lambda@Edge for authorization. Configure Amazon CloudFront to serve the web application globally.
• B. Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.
• C. Configure Amazon Cognito for authentication. Implement AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
• D. Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Correct answer: A

Explanation

Amazon Cognito provides a fully managed, serverless authentication service that automatically scales to support growing user bases. Combining Amazon CloudFront with Lambda@Edge ensures low-latency authorization by executing authorization logic at edge locations closest to the users. Alternatives using AWS Directory Service or standard AWS Lambda with Application Load Balancer are incorrect as they do not offer a fully serverless, edge-optimized global delivery model.