Question #1890
A company is developing a web application that requires secure access to user-specific content. They need an authentication and authorization solution that scales automatically and provides low-latency access globally. The solution must be serverless and integrate seamlessly with their existing web application hosted on AWS. Additionally, the company anticipates rapid growth in users and wants a solution that can handle increased demand without infrastructure changes.
Which combination of AWS services will meet these requirements?
A. Use Amazon Cognito for user authentication. Implement authorization checks using Lambda@Edge. Distribute content globally with Amazon CloudFront.
B. Set up AWS IAM roles for authentication. Use AWS Lambda for authorization. Serve content through Amazon S3 with Cross-Region Replication.
C. Utilize AWS Directory Service for authentication. Handle authorization via API Gateway. Deploy the application using AWS Elastic Beanstalk with Auto Scaling.
D. Integrate third-party SAML identity providers for authentication. Authorize using Amazon API Gateway custom authorizers. Use an Application Load Balancer for global traffic distribution.
Explanation
The correct answer is A because:
- Amazon Cognito provides serverless user authentication, scales automatically, and integrates with web apps.
- Lambda@Edge enables authorization checks at edge locations, ensuring low-latency access globally.
- Amazon CloudFront distributes content globally via AWS's CDN.
Other options fail because:
- B: IAM roles are not designed for end-user authentication.
- C: AWS Directory Service is not ideal for web apps, and Elastic Beanstalk is not serverless.
- D: Application Load Balancer lacks global distribution, and third-party SAML adds complexity.
Key Points: Use serverless services (Cognito, Lambda@Edge, CloudFront) for scalable, low-latency global access without infrastructure management.
Answer
The correct answer is: A