DVA-C02 · Question #485
A company has an application that uses an Amazon Cognito user pool for authentication. A developer needs to add a new REST API that will use the user pool to authenticate requests. Which solution will
The correct answer is B. Create a Cognito authorizer for the correct user pool. Reference the header that contains the. A Cognito authorizer is a native API Gateway feature that validates JWTs from a Cognito user pool with no custom code, making it the lowest-effort solution for Cognito-based authentication.
Question
A company has an application that uses an Amazon Cognito user pool for authentication. A developer needs to add a new REST API that will use the user pool to authenticate requests. Which solution will meet this requirement with the LEAST development effort?
Options
- ACreate a new API key and a new usage plan. Associate the API key and the REST API with the
- BCreate a Cognito authorizer for the correct user pool. Reference the header that contains the
- CCreate an AWS Lambda token authorizer. Reference the authorization token in the event
- DCreate an AWS Lambda request authorizer. Reference the authorization header in the event
How the community answered
(34 responses)- A3% (1)
- B94% (32)
- C3% (1)
Why each option
A Cognito authorizer is a native API Gateway feature that validates JWTs from a Cognito user pool with no custom code, making it the lowest-effort solution for Cognito-based authentication.
API keys and usage plans are mechanisms for throttling and metering API access, not for authenticating users via a Cognito user pool.
API Gateway natively supports Cognito User Pool Authorizers, which automatically validate the Authorization header token against the specified Cognito user pool; this requires only configuration in the console or IaC with no Lambda function code to write or maintain.
A Lambda token authorizer requires writing, deploying, and maintaining custom Lambda code to validate the Cognito JWT, which is significantly more development effort than using the native Cognito authorizer.
A Lambda request authorizer also requires custom Lambda code and inspects the full request context, adding unnecessary development overhead when the native Cognito authorizer already handles this use case.
Concept tested: API Gateway Cognito User Pool Authorizer configuration
Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
Community Discussion
No community discussion yet for this question.