ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 20 · Domain 1.2: Secure Workloads
A company exposes a REST API using Amazon API Gateway. They want to restrict access to the API so that only authenticated users from their Amazon Cognito User Pool can call it. Which TWO steps are required? (Select TWO.)
A company exposes a REST API using Amazon API Gateway. They want to restrict access to the API so that only authenticated users from their Amazon Cognito User Pool can call it. Which TWO steps are required? (Select TWO.)
Answer options:
A.
Create a Cognito User Pool authorizer in API Gateway.
B.
Configure the API methods to use the authorizer.
C.
Use AWS WAF to validate the Cognito tokens.
D.
Create an IAM role for API Gateway to access Cognito.
E.
Enable CORS on the API Gateway.
How to approach this question
Identify the API Gateway feature for Cognito integration.
Full Answer
Create a Cognito User Pool authorizer in API Gateway. Configure the API methods to use the authorizer.
To secure API Gateway with Cognito, you create a Cognito User Pool authorizer and then configure your API methods to require that authorizer.
Common mistakes
Thinking WAF or IAM roles are required for basic Cognito token validation.
Practice the full AWS SAA-C03 Practice Exam 2
65 questions · hints · full answers · grading
More questions from this exam
Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...EasyQ02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...EasyQ03A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires tha...MediumQ04An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different...HardQ05A company needs to store database credentials securely. The credentials must be automatically rot...Medium