Which combination of steps will meet these requirements?
(Choose two.)
A. Create a public Network Load Balancer.
B. Create a public Application Load Balancer.
C. Configure a listener for the load balancer that listens on HTTPS port 443. Add a default authenticate action providing the OIDC IdP configuration.
D. Configure a listener for the load balancer that listens on HTTP port 80. Add a default authenticate action providing the OIDC IdP configuration.
E. Configure a listener for the load balancer that listens on HTTPS port 443. Add a default AWS Lambda action providing an Amazon Resource Name (ARN) to a Lambda authentication function.
Explanations:
A. A public Network Load Balancer does not support authentication features like OIDC. It is primarily used for TCP/UDP traffic routing and does not handle HTTP/HTTPS requests directly.
B. A public Application Load Balancer (ALB) is designed for HTTP/HTTPS traffic and can support advanced features like OIDC authentication, making it suitable for this requirement.
C. Configuring a listener on HTTPS port 443 with a default authenticate action allows the Application Load Balancer to intercept requests and authenticate users against the OIDC IdP, thereby securing access to the website.
D. Using HTTP port 80 for a listener means that traffic is not encrypted, which is not secure for sensitive data. While the default authenticate action can be configured, it is not advisable for sensitive data access.
E. While using an AWS Lambda function for authentication is a valid approach, it complicates the implementation and is not necessary when OIDC authentication is directly supported by the Application Load Balancer. The goal is to avoid editing the website, making this option less suitable.