AWS Certified Developer – Associate / Question #569 of 557

Question #569

A developer is creating an application that allows users to back up and retrieve e-books in the cloud. The application must support hundreds of thousands of users. It uses an Amazon API Gateway REST API integrated with AWS Lambda functions to process the e-books. The application stores e-book metadata in Amazon DynamoDB.

Users must create an account to access the application and be able to upload and retrieve e-books, which range in size from 500 KB to 10 MB.

Which solution meets these requirements with the LEAST operational overhead?

A

Use Amazon Cognito user pools to manage user accounts. Configure an Amazon Cognito user pool authorizer in API Gateway to control access. Use Lambda to store e-books and metadata directly in DynamoDB. Retrieve e-books directly from DynamoDB.

B

Use Amazon Cognito user pools to manage user accounts. Configure an Amazon Cognito user pool authorizer in API Gateway to control access. Use Lambda to store e-books in Amazon S3 and record the S3 keys in DynamoDB. Retrieve e-books by querying DynamoDB for the S3 keys.

C

Create an IAM user for each application user during sign-up. Use IAM authentication for API Gateway. Use Lambda to store e-books in Amazon S3 and record the S3 keys in DynamoDB. Retrieve e-books by querying DynamoDB for the S3 keys.

D

Create a DynamoDB table to manage user accounts. Implement a Lambda authorizer to validate credentials against the table and integrate it with API Gateway. Use Lambda to store e-books in Amazon S3 and record the S3 keys in DynamoDB. Retrieve e-books by querying DynamoDB for the S3 keys.

Explanation

Option B is correct because:
1. Amazon Cognito user pools handle account management and authentication, and the Cognito user pool authorizer in API Gateway controls access, reducing custom code.
2. Amazon S3 is ideal for storing large files (e-books up to 10 MB), whereas DynamoDB has a 400 KB item size limit (Option A fails here).
3. DynamoDB stores metadata/S3 keys efficiently, enabling quick lookups.

Other options:
- A: Fails because the e-books exceed DynamoDB's 400 KB item size limit.
- C: IAM users are not scalable for hundreds of thousands of users and create management overhead.
- D: Custom Lambda authorizers and DynamoDB-based user management increase operational complexity vs. Cognito.

Key Points:
- Use S3 for large files; DynamoDB for metadata.
- Prefer managed services (Cognito) over custom auth solutions.
- Avoid IAM users for end-user authentication at scale.

Answer

The correct answer is: B