Which authentication approach would meet these requirements with the LEAST amount of effort?

By: study aws cloud

On: January 9, 2025

Tagged: Developer Associate

With: 0 Comments

A company has a web application in an Amazon Elastic Container Service (Amazon ECS) cluster running hundreds of secure services in AWS Fargate containers.The services are in target groups routed by an Application Load Balancer (ALB).Application users log in to the website anonymously, but they must be authenticated using any OpenID Connect protocol-compatible identity provider (IdP) to access the secure services.

Which authentication approach would meet these requirements with the LEAST amount of effort?

Configure the services to use Amazon Cognito.

Configure the ALB to use Amazon Cognito.

Configure the services to use AWS Security Token Service (AWS STS) with the OpenID Connect IdP.

Configure the Amazon ECS cluster to use AWS Security Token Service (AWS STS) with the OpenID Connect IdP.

Explanations:

Configuring the services to use Amazon Cognito would require integrating Cognito directly into each individual service, adding complexity.

Configuring the ALB to use Amazon Cognito allows for easy authentication with OpenID Connect-compatible IdPs, requiring minimal changes to services.

Configuring the services to use AWS STS with an OpenID Connect IdP would involve complex token management at the service level.

Configuring the ECS cluster to use AWS STS with an OpenID Connect IdP does not address the authentication requirement at the ALB level.

Previous Post: Which AWS service or feature can the company use to meet these requirements?

Next Post: The company has the ability to install collector software in its on-premises environment without any constraintsWhich solution will provide the company with the required information with the LEAST operational overhead?

Leave a Reply Cancel reply