AWS SAP-C02 · Question 57 · Domain 2.3: Security Controls

A company is building a serverless application using AWS Lambda and Amazon API Gateway. They need to secure the API against unauthorized access. The users authenticate via a third-party Identity Provider (IdP) that supports OpenID Connect (OIDC). Which TWO methods can be used to authorize API requests? (Select TWO)

Answer options:

A. Use an API Gateway Lambda authorizer to validate the OIDC token.

B. Integrate the IdP with Amazon Cognito User Pools and use a Cognito authorizer in API Gateway.

C. Use AWS IAM Identity Center to generate temporary AWS credentials for the API.

D. Configure API Gateway to use AWS WAF to validate the OIDC token.

E. Use Amazon Macie to inspect the incoming tokens.

F. Enable API Gateway resource policies to allow the IdP's IP address.

How to approach this question

Identify the two API Gateway features used for custom or federated authentication (Lambda Authorizer and Cognito Authorizer).

Full Answer

API Gateway supports Amazon Cognito authorizers (which can federate with OIDC IdPs) and Lambda authorizers (which allow you to write custom code to validate JWTs/OIDC tokens).

Common mistakes

Thinking AWS WAF can act as an identity provider or token validator. WAF filters requests against rule sets (IP, rate, signature-based rules); it does not authenticate callers or verify JWT signatures.

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1
