A company hosts an application that uses Amazon Cognito for user management. The application fetches data from Amazon DynamoDB via a REST API in Amazon API Gateway. The company wants an AWS-managed solution to control access to the REST API with minimal development effort. Which solution provides the least operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request..
Why this is the answer
The correct answer is to configure an Amazon Cognito user pool authorizer in API Gateway. This is an AWS-managed solution specifically designed for integrating Amazon Cognito with API Gateway, providing native authentication and authorization with minimal development effort and operational overhead. API Gateway directly validates tokens issued by the Cognito User Pool. Configuring an AWS Lambda function as an authorizer would require writing and maintaining custom code for token validation, increasing development effort and operational overhead. Creating and assigning API keys for each user, validated by a Lambda function, is also a custom solution that adds significant management complexity and is not ideal for user authentication. Sending an email address in the header and validating it with a Lambda function is insecure and requires custom logic for authentication and authorization, which is not an AWS-managed solution for Cognito integration.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed