Question #1364
A company is developing a globally accessible web application that requires secure user authentication and dynamic authorization checks. The solution must use a serverless architecture, support a user base starting at 50 but designed to scale to thousands, and ensure minimal latency during login and content delivery. The architecture must also integrate seamlessly with the existing web application while remaining cost-effective. Which approach BEST meets these requirements?
A. Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to distribute the web content globally.
B. Use AWS IAM for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
C. Use AWS Directory Service for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to host the web application globally.
D. Use Amazon Cognito with SAML federation for authentication. Use API Gateway with Lambda authorizers for authorization. Use CloudFront with an S3 origin for content delivery.
Explanation
Option A is correct because:
- Amazon Cognito provides secure, scalable user authentication and integrates seamlessly with web apps.
- Lambda@Edge enables dynamic authorization checks at edge locations, reducing latency for global users.
- CloudFront ensures fast content delivery via its global CDN.
Other options fail because:
- B: AWS IAM is unsuitable for end-user authentication; S3 Transfer Acceleration is less efficient than CloudFront.
- C: AWS Directory Service is overkill for standard user auth, and Elastic Beanstalk isn't serverless.
- D: API Gateway Lambda authorizers introduce regional latency, while Lambda@Edge (A) handles authorization closer to users.
Key Points:
1. Cognito is AWS's managed service for user authentication.
2. Lambda@Edge minimizes latency for global authorization checks.
3. CloudFront optimizes global content delivery in a serverless architecture.
Answer
The correct answer is: A