Question #1061
A developer is configuring an authorization mechanism using Amazon API Gateway and needs to test JSON Web Token (JWT) authorization without managing custom code. The developer must use the built-in authorizer and ensure the API has a route available at /auth. Which solution meets these requirements?
Create a WebSocket API with the /auth route, configure the JWT authorizer, attach it to the API, and deploy.
Create a WebSocket API with the /auth route, create an AWS Lambda authorizer, attach it to the API, and deploy.
Create an HTTP API with the /auth route, create an AWS Lambda authorizer, attach it to the /auth route, and deploy.
Create an HTTP API with the /auth route, configure the JWT authorizer, attach it to the /auth route, and deploy.
Explanation
Option D is correct because:
1. HTTP API (not WebSocket) supports built-in JWT authorizers, eliminating the need for custom Lambda code.
2. The JWT authorizer is configured and attached to the /auth route, meeting the requirement.
Other options are incorrect because:
- A & B: WebSocket APIs do not support built-in JWT authorizers; they require Lambda authorizers or IAM roles.
- C: While HTTP APIs are used, Lambda authorizers require custom code, which violates the 'no custom code' requirement.
Key Points:
- Use HTTP API for built-in JWT authorizers.
- Avoid Lambda authorizers if custom code is prohibited.
- Ensure the authorizer is attached to the required route (/auth).
Answer
The correct answer is: D