How can a developer meet these requirements?
Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.
Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.
Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.
Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.
Explanations:
Identity pools are used for providing temporary AWS credentials and access to AWS resources. They are not ideal for managing application user authentication with token expiration and refresh requirements.
Using a database and a custom Lambda authorizer for token management is complex and requires additional maintenance. Cognito provides built-in user management and token expiration, which is more efficient.
Amazon Cognito user pools manage user authentication, provide access tokens with automatic expiration, and support token refresh. Configuring the Cognito Authorizer in API Gateway meets all requirements effectively.
Creating an IAM user for each API user is not scalable, and IAM user credentials do not support automatic expiration and refresh. It also exposes IAM credentials, which is not ideal for application authentication.