AWS Certified Advanced Networking - Specialty
Get started today
Ultimate access to all questions.
A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB), which serves as the origin for an Amazon CloudFront distribution. The company aims to implement a custom authentication system to issue tokens for authenticated customers. The web application must verify that GET/POST requests originate from authenticated customers before serving content.
What is the MOST operationally efficient solution that allows the web application to identify authorized customers?
A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB), which serves as the origin for an Amazon CloudFront distribution. The company aims to implement a custom authentication system to issue tokens for authenticated customers. The web application must verify that GET/POST requests originate from authenticated customers before serving content.
What is the MOST operationally efficient solution that allows the web application to identify authorized customers?
Explanation:
The most operationally efficient solution for identifying authorized customers in this scenario is to use AWS Lambda@Edge. Lambda@Edge allows you to run code in response to CloudFront events, such as viewer request and origin request, without provisioning or managing servers. This solution is efficient because it leverages the existing CloudFront distribution to inspect the authorized token inside the GET/POST request payload and insert a customized header to inform the web application of an authenticated customer request. This approach minimizes latency and operational overhead by processing requests at the edge, closer to the end-users, and integrates seamlessly with the existing architecture without the need for additional infrastructure or complex configurations.