AWS Certified Developer - Associate


A company is planning to add an authentication mechanism to its new RESTful API service, which is managed using Amazon API Gateway. The authentication process requires each API request to include HTTP headers containing a client ID and a user ID. These credentials need to be validated against data stored in a DynamoDB table.

As an AWS Certified Developer Associate, what would you recommend to implement this authentication in API Gateway?




Explanation:

Overall explanation

Correct option:

Develop an AWS Lambda authorizer that references the DynamoDB authentication table - A Lambda authorizer is an API Gateway feature that uses a Lambda function to control access to your API.

A Lambda authorizer is useful if you want to implement a custom authorization scheme that uses a bearer token authentication strategy such as OAuth or SAML, or that uses request parameters to determine the caller's identity.

When a client makes a request to one of your API's methods, API Gateway calls your Lambda authorizer, which takes the caller's identity as input and returns an IAM policy as output.

There are two types of Lambda authorizers:

A token-based Lambda authorizer (also called a TOKEN authorizer) receives the caller's identity in a bearer token, such as a JSON Web Token (JWT) or an OAuth token.

A request parameter-based Lambda authorizer (also called a REQUEST authorizer) receives the caller's identity in a combination of headers, query string parameters, stage variables, and $context variables.
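
A REQUEST authorizer for the scenario in the question could look like the sketch below. It is an added example, not code from the original page or from AWS. The header names, table name, composite key (`client_id`, `user_id`) and the `active` attribute are assumptions, and the `lookup` parameter exists only so the logic can be exercised without DynamoDB.

```python
import os

# Assumed names, not from the page: headers, table, key schema, "active" flag.
CLIENT_HEADER = "x-client-id"
USER_HEADER = "x-user-id"
TABLE_NAME = os.environ.get("AUTH_TABLE", "ApiClients")
_table = None

def dynamo_lookup(client_id, user_id):
    """Fetch the credential record with a strongly consistent read."""
    global _table
    if _table is None:
        import boto3  # lazy import: module loads without the AWS SDK present
        _table = boto3.resource("dynamodb").Table(TABLE_NAME)
    resp = _table.get_item(
        Key={"client_id": client_id, "user_id": user_id}, ConsistentRead=True)
    return resp.get("Item")

def build_policy(principal, effect, method_arn):
    """Build the IAM policy document API Gateway expects from an authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": method_arn}],
        },
    }

def handler(event, context, lookup=dynamo_lookup):
    # HTTP header names are case-insensitive, so normalise before reading.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    client_id = (headers.get(CLIENT_HEADER) or "").strip()
    user_id = (headers.get(USER_HEADER) or "").strip()
    arn = event["methodArn"]
    if not client_id or not user_id:
        return build_policy("anonymous", "Deny", arn)
    try:
        item = lookup(client_id, user_id)
    except Exception:
        # Fail closed: a table outage must never turn into an Allow.
        return build_policy(user_id, "Deny", arn)
    if not item or not item.get("active", False):
        return build_policy(user_id, "Deny", arn)
    policy = build_policy(user_id, "Allow", arn)
    policy["context"] = {"clientId": client_id}  # passed to the backend
    return policy
```

If authorizer caching is enabled, configure both headers as identity sources so the cache key covers them; a cached policy scoped to one `methodArn` is also applied to that caller's requests for other methods until the TTL expires.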