
A company is seeking to enhance the security of their web-based application hosted on AWS. The application utilizes Amazon CloudFront with two distinct custom origins. The first origin directs requests to an Amazon API Gateway HTTP API, while the second origin directs traffic to an Application Load Balancer (ALB). The application employs an OpenID Connect (OIDC) identity provider (IdP) for user authentication. A recent security audit revealed that the API is secured using a JSON Web Token (JWT) authorizer, but the ALB is currently configured to accept requests from both authenticated and unauthenticated users. To address this security gap, a solutions architect is tasked with designing a solution that ensures all backend services are accessible only by authenticated users. Which solution should the architect implement to achieve this goal?
A
Configure the ALB to enforce authentication and authorization by integrating the ALB with the IdP. Allow only authenticated users to access the backend services.
B
Modify the CloudFront configuration to use signed URLs. Implement a permissive signing policy that allows any request to access the backend services.
C
Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level. Allow only authenticated traffic to reach the backend services.
D
Enable AWS CloudTrail to log all requests that come to the ALB. Create an AWS Lambda function to analyze the logs and block any requests that come from unauthenticated users.