Domain 1.1: Secure Access — AWS SAA-C03 Practice Question 15

How to approach this question

Identify the service that handles third-party identity federation and integrates natively with API Gateway.

Full Answer

A.Use an Amazon Cognito User Pool as an authorizer for the API Gateway.✓ Correct

Use an Amazon Cognito User Pool as an authorizer for the API Gateway.

Amazon Cognito User Pools support federation with OIDC providers. You can configure an API Gateway method to use a Cognito User Pool authorizer, which validates the JWT token provided by the client before allowing the request to reach the backend.

Common mistakes

Choosing to implement validation in Lambda, which violates the best practice of offloading authorization to the API Gateway layer.

An application uses Amazon API Gateway and AWS Lambda. The API is public, but the company wants to restrict access so that only users who have authenticated via a third-party OpenID Connect (OIDC) identity provider can call the API. <br/><br/>What is the MOST appropriate way to secure the API?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 4

More questions from this exam