Which solution will meet these requirements with the MOST operational efficiency?
Configure an Amazon Cognito user pool for user authentication. Implement Amazon API Gateway REST APIs with a Cognito authorizer.
Configure an Amazon Cognito identity pool for user authentication. Implement Amazon API Gateway HTTP APIs with a Cognito authorizer.
Configure an AWS Lambda function to handle user authentication. Implement Amazon API Gateway REST APIs with a Lambda authorizer.
Configure an IAM user to handle user authentication. Implement Amazon API Gateway HTTP APIs with an IAM authorizer.
Explanations:
Using Amazon Cognito user pools for user authentication simplifies the management of user identities and integrates seamlessly with Amazon API Gateway REST APIs through a Cognito authorizer. This approach provides a scalable and efficient solution for verifying users while minimizing operational overhead.
While Amazon Cognito identity pools can be used for authentication, they are typically utilized for federated identities rather than direct user authentication. Furthermore, API Gateway HTTP APIs are designed for lower latency and cost but may lack some features present in REST APIs, making it less suitable for complex authentication scenarios.
Implementing an AWS Lambda function for user authentication adds unnecessary complexity and operational overhead. Lambda functions require management of the authentication logic and scaling considerations. Additionally, using a Lambda authorizer can introduce latency compared to using Cognito, which is specifically designed for user authentication.
Configuring IAM users for authentication is not practical for web applications with millions of users. IAM is designed for managing access to AWS resources rather than for handling user authentication in a scalable way. Using IAM authorizers can lead to management challenges and does not provide the user-friendly authentication flow expected by web applications.