AWS Certified Solutions Architect – Professional — Question 856
A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience; the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?
Answer options
- A. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.
- B. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.
- C. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
- D. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
Correct answer: C
Explanation
Amazon Lambda@Edge runs custom code at CloudFront edge locations, closer to users, which significantly reduces latency for the authentication process with minimal administrative effort. Replicating the entire backend setup across multiple AWS Regions, as options A and D suggest, would introduce high operational complexity and cost. Caching authentication requests with standard HTTP caching, as in option B, is insecure and ineffective, which makes Lambda@Edge the secure, low-overhead solution.