A company is deploying a third-party web application on AWS, which is packaged as a Docker image and deployed as an AWS Fargate service in Amazon Elastic Container Service (Amazon ECS). Traffic to the application is managed by an Application Load Balancer (ALB). The company requires that only a specific list of users can access the application from the internet, without modifying the application or integrating it with an identity provider. Additionally, all users must be authenticated using multi-factor authentication (MFA). Which solution meets these requirements?
Explanation:
The correct answer is A. In this scenario, setting up a user pool in Amazon Cognito allows you to define the specific list of users who can access the application. You can configure the user pool to require multi-factor authentication (MFA), ensuring an additional layer of security for user authentication. Configuring the ALB listener rule to require authentication through the Amazon Cognito hosted UI ensures that users attempting to access the application through the ALB will be redirected to the Cognito hosted UI for authentication, where they will need to provide their credentials and MFA code. This setup ensures that only authenticated users from the specific user pool with MFA will have access to the application, meeting the requirements without modifying the application itself.
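The setup described in the explanation, as an added CloudFormation fragment; it is not part of the original question or answer. The parameter names, the hosted UI domain prefix, the rule priority, and the choice of TOTP as the MFA method are assumptions.

```yaml
# Added example. Parameter names, domain prefix and hostname are assumptions.
Parameters:
  ListenerArn: {Type: String}      # existing HTTPS listener on the ALB
  TargetGroupArn: {Type: String}   # target group of the Fargate service
  AppHostname: {Type: String}      # public hostname of the app (constructed)
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      MfaConfiguration: "ON"       # MFA is required, not optional
      EnabledMfas: [SOFTWARE_TOKEN_MFA]
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true   # no self sign-up: the pool is the user list
  UserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: example-app-auth     # hosted UI prefix (constructed)
      UserPoolId: !Ref UserPool
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      GenerateSecret: true         # the ALB needs a client secret
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [code]
      AllowedOAuthScopes: [openid]
      SupportedIdentityProviders: [COGNITO]
      CallbackURLs:
        - !Sub https://${AppHostname}/oauth2/idpresponse
  AuthRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ListenerArn
      Priority: 10
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values: [!Ref AppHostname]
      Actions:
        - Type: authenticate-cognito   # runs first: redirect to the hosted UI
          Order: 1
          AuthenticateCognitoConfig:
            UserPoolArn: !GetAtt UserPool.Arn
            UserPoolClientId: !Ref UserPoolClient
            UserPoolDomain: !Ref UserPoolDomain
            OnUnauthenticatedRequest: authenticate
        - Type: forward                # reached only with a valid session
          Order: 2
          TargetGroupArn: !Ref TargetGroupArn
```

Any other listener rule or default action that forwards to the same target group without an authenticate action bypasses this check, so the listener's remaining rules need review as well.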