What should the developer do to meet these requirements?
Configure the application’s domain DNS setting to use the predefined domain.
Configure the prefix of the Amazon Cognito domain, amazoncognito.com, in the user pool app integration. Configure the application’s domain DNS setting to use this new prefix.
Create an AWS Certificate Manager (ACM) certificate in the us-east-1 Region. Configure the user pool’s app integration domain name with the custom domain. Configure the application’s domain DNS setting with the supplied alias target.
Create an AWS Certificate Manager (ACM) certificate in the us-east-1 Region. Configure the user pool’s domain app client settings with the custom domain. Configure the application’s domain DNS setting with the supplied alias target.
Explanations:
The predefined Amazon Cognito domain (e.g.,auth.example.com) cannot be used to match a custom application’s domain. The application’s DNS must point to a custom domain, not a predefined one.
The domain of Amazon Cognito cannot be integrated with an application’s domain by simply configuring the prefix on the user pool domain. Custom domain integration requires a valid SSL certificate and DNS alias setup.
This option correctly outlines the process for configuring a custom domain for Amazon Cognito using AWS Certificate Manager (ACM) to obtain a certificate and setting up DNS records to point to the alias target.
While an ACM certificate and the custom domain are necessary, the app client settings are not the correct place to configure the domain for user pool integration. The correct place is in the user pool domain settings, not app client settings.
I judge that the answer is:
Create an AWS Certificate Manager (ACM) certificate in the us-east-1 Region. Configure the user pool’s app integration domain name with the custom domain. Configure the application’s domain DNS setting with the supplied alias target.