AWS Certified Developer – Associate / Question #966 of 557

Question #966

A developer is building a serverless application using WebSocket APIs in Amazon API Gateway. The developer needs to implement a Lambda authorizer to handle authorization, with the goals of minimizing latency by caching authorization results and avoiding repeated processing of security credentials for each request. Which two actions should the developer take to achieve these goals? (Choose two.)

E. Apply resource policies to the WebSocket API to restrict access to specific IP ranges.

A. Implement a token-based Lambda authorizer to enable built-in caching of authorization results.

B. Use a request parameter-based Lambda authorizer to validate credentials dynamically for each request.

C. Set up an integration request mapping template to access the authorization context data returned by the Lambda authorizer.

D. Configure the integration request mapping template to include the API Gateway usage plan key for authentication.

Explanation

The correct answers are A and C.

Why A is correct: Token-based Lambda authorizers (A) support built-in caching because they rely on a single token (e.g., JWT) for authorization. API Gateway caches the policy returned by the authorizer, reducing latency by avoiding repeated credential processing for subsequent requests with the same token.

Why C is correct: After authorization, the Lambda authorizer returns an authorization context containing user-specific data. By configuring an integration request mapping template (C), the backend service (e.g., Lambda) can access this cached context without reprocessing credentials, further reducing latency.

Why others are incorrect:
- B: Request parameter-based authorizers do not support caching as they depend on dynamic parameters (e.g., headers), leading to frequent reprocessing.
- D: Usage plan keys are for API throttling/monitoring, not authorization caching.
- E: Resource policies restrict IP access but do not address credential caching or Lambda authorizers.

Key Points:
1. Token-based authorizers enable caching.
2. Mapping templates pass cached authorization context to backend services.

Answer

The correct answer is: AC