Answer-first summary for fast verification
Answer: Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type.
## Explanation **Correct Answer: B** - Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type. ### Why Option B is Correct: 1. **Operational Efficiency**: Lambda function URLs provide the simplest and most direct way to expose a Lambda function as an HTTPS endpoint with IAM authentication. This is a single-step configuration that doesn't require additional services. 2. **Native IAM Support**: Lambda function URLs natively support AWS_IAM authentication type, which automatically handles IAM-based authentication without requiring custom code. 3. **Minimal Components**: This solution uses only Lambda (with function URL), whereas other options require additional services like API Gateway or CloudFront. 4. **Cost Efficiency**: Lambda function URLs have no additional charges beyond Lambda execution costs, making them more cost-effective than API Gateway. ### Analysis of Other Options: **Option A (API Gateway)**: - While API Gateway can integrate with Lambda and support IAM authentication, it adds complexity with API Gateway configuration, deployment stages, and additional cost. - Requires more operational overhead than Lambda function URLs. **Option C (Lambda@Edge)**: - Lambda@Edge functions run at CloudFront edge locations, which adds complexity for deployment and management. - Requires custom IAM authentication logic to be written in the Lambda@Edge function. - Not the most operationally efficient solution for a simple microservice. **Option D (CloudFront Functions)**: - CloudFront Functions are JavaScript-based and have a 1ms runtime limit, making them unsuitable for Go-based Lambda functions. - CloudFront Functions don't support Go runtime and cannot be used with AWS_IAM authentication type. ### Key Considerations: - Lambda function URLs were introduced specifically to simplify exposing Lambda functions as HTTP endpoints. - They support both AWS_IAM and NONE authentication types. - The Go 1.x runtime is fully compatible with Lambda function URLs. - This solution meets all requirements: HTTPS endpoint, IAM authentication, and operational efficiency. ### Best Practice:** For simple microservices where clients need direct access to Lambda functions with IAM authentication, Lambda function URLs are the recommended approach due to their simplicity, lower cost, and reduced operational overhead compared to API Gateway.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A solutions architect needs to design a new microservice for a company's application. Clients must be able to call an HTTPS endpoint to reach the microservice. The microservice also must use AWS Identity and Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x.
Which solution will deploy the function in the MOST operationally efficient way?
A
Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API.
B
Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type.
C
Create an Amazon CloudFront distribution. Deploy the function to Lambda@Edge. Integrate IAM authentication logic into the Lambda@Edge function.
D
Create an Amazon CloudFront distribution. Deploy the function to CloudFront Functions. Specify AWS_IAM as the authentication type.