Answer-first summary for fast verification
Answer: Configure the ALB's listener rules to authenticate requests using Cognito, denying access for unauthenticated requests.
The correct answer is B. This approach leverages the built-in capabilities of the Application Load Balancer (ALB) to authenticate requests using Amazon Cognito. By configuring the listener rules to authenticate using Cognito and setting the rule action type to authenticate-cognito, the ALB ensures that every request is authenticated before forwarding it to the target group. The OnUnauthenticatedRequest field set to 'deny' ensures that unauthenticated requests are rejected, fulfilling the requirement to authenticate every request. This method provides a seamless way to handle authentication using AWS services without additional Lambda functions or API Gateway configurations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can a developer ensure that all requests to a web API, served by an internet-facing Application Load Balancer (ALB) with an HTTPS listener and secured by an Amazon Cognito user pool, are authenticated?
A
Implement a listener rule to return a 401 Unauthorized response if the Authorization header is absent.
B
Configure the ALB's listener rules to authenticate requests using Cognito, denying access for unauthenticated requests.
C
Utilize Amazon API Gateway with an authorizer set to the Cognito user pool for all API methods, forwarding them to the ALB endpoint.
D
Integrate a Lambda function within a new target group to validate the Authorization header against Amazon Cognito, linking this group to the listener.