Medium · 1 mark · Multiple Choice
Domain 1.2: Secure Workloads · Domain 1 · Security · API Gateway · Cognito

AWS SAA-C03 · Question 12 · Domain 1.2: Secure Workloads

A company has built a serverless application using Amazon API Gateway and AWS Lambda. The company wants to authorize API calls using OAuth 2.0 tokens provided by a third-party identity provider. Which solution requires the LEAST operational overhead?

Answer options:

A. Create a Lambda authorizer that validates the OAuth 2.0 token.

B. Configure an Amazon Cognito User Pool as an authorizer in API Gateway.

C. Use AWS IAM authorization and map the tokens to IAM roles.

D. Implement token validation logic inside the backend Lambda function.

How to approach this question

Look for native integrations. API Gateway + Cognito User Pools is the standard, low-overhead way to handle OAuth/JWT tokens.

Full Answer

B. Configure an Amazon Cognito User Pool as an authorizer in API Gateway. ✓ Correct

Amazon API Gateway can use Amazon Cognito User Pools as an authorizer. This allows API Gateway to natively validate the OAuth 2.0 JWT tokens provided by Cognito (which can federate with third-party IdPs) without requiring you to write custom Lambda authorizer code.

Common mistakes

Choosing the Lambda authorizer, which works but requires more operational overhead (custom code).
