Medium · 1 mark · Multiple Choice

AWS SAP-C02 · Question 51 · Domain 2.3: Security Controls

A company has a web application hosted on EC2 instances behind an Application Load Balancer (ALB). They want to authenticate users using their corporate Microsoft Active Directory (on-premises) before allowing access to the application. Which solution requires the LEAST custom code?

Answer options:

A. Deploy a custom authentication service on EC2 to validate credentials against AD.

B. Configure the ALB to authenticate users via Amazon Cognito User Pools, and federate Cognito with the on-premises AD using SAML.

C. Use AWS IAM Identity Center to protect the ALB.

D. Configure the ALB to use AWS Directory Service directly.

How to approach this question

Identify the native ALB authentication integration.

Full Answer

B. Configure the ALB to authenticate users via Amazon Cognito User Pools, and federate Cognito with the on-premises AD using SAML. ✓ Correct
Application Load Balancers natively support authenticating users via Amazon Cognito. Cognito acts as an identity broker, federating with the corporate AD via SAML 2.0. The ALB handles the OIDC flow automatically.

Common mistakes

Assuming ALB can talk directly to Active Directory.
