
A company hosts its application on AWS. The company uses Amazon Cognito to manage users. When users log in to the application, the application fetches required data from Amazon DynamoDB by using a REST API that is hosted in Amazon API Gateway. The company wants an AWS managed solution that will control access to the REST API to reduce development efforts.
Which solution will meet these requirements with the LEAST operational overhead?
A. Configure an AWS Lambda function to be an authorizer in API Gateway to validate which user made the request.
B. For each user, create and assign an API key that must be sent with each request. Validate the key by using an AWS Lambda function.
C. Send the user's email address in the header with every request. Invoke an AWS Lambda function to validate that the user with that email address has proper access.
D. Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request.
Explanation:
Correct Answer: D - Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request.
AWS Managed Solution: The Amazon Cognito user pool authorizer is a native, AWS-managed integration between API Gateway and Amazon Cognito. It requires minimal development effort because it is a built-in feature.
Least Operational Overhead: The solution leverages existing Amazon Cognito user management without requiring custom Lambda functions for authorization logic.
Secure Token Validation: When users authenticate with Amazon Cognito, they receive JSON Web Tokens (JWTs). API Gateway can validate these tokens automatically without custom code.
Reduced Development Efforts: No need to write, deploy, or maintain Lambda functions for authorization - the integration is configured through API Gateway settings.
Option A: While using a Lambda authorizer works, it requires developing, deploying, and maintaining custom Lambda function code, which increases operational overhead.
Option B: Creating and managing API keys per user adds significant operational overhead for key management, rotation, and validation through custom Lambda functions.
Option C: Sending email addresses in headers is insecure (easily spoofed) and requires custom Lambda function development for validation, increasing operational overhead.
This solution aligns with AWS best practices for serverless architectures where you want to minimize custom code and leverage managed services for security and scalability.