Which solution will meet these requirements?

By:
On:
In: SAP-C02
Tagged:
With: 0 Comments
A company is deploying a third-party web application on AWS.The application is packaged as a Docker image.The company has deployed the Docker image as an AWS Fargate service in Amazon Elastic Container Service (Amazon ECS).An Application Load Balancer (ALB) directs traffic to the application.The company needs to give only a specific list of users the ability to access the application from the internet.The company cannot change the application and cannot integrate the application with an identity provider.All users must be authenticated through multi-factor authentication (MFA).

Which solution will meet these requirements?

Create a user pool in Amazon Cognito. Configure the pool for the application. Populate the pool with the required users. Configure the pool to require MFConfigure a listener rule on the ALB to require authentication through the Amazon Cognito hosted UI.

Configure the users in AWS Identity and Access Management (IAM). Attach a resource policy to the Fargate service to require users to use MFA. Configure a listener rule on the ALB to require authentication through IAM.

Configure the users in AWS Identity and Access Management (IAM). Enable AWS IAM Identity Center (AWS Single Sign-On). Configure resource protection for the ALB. Create a resource protection rule to require users to use MFA.

Create a user pool in AWS Amplify. Configure the pool for the application. Populate the pool with the required users. Configure the pool to require MFA. Configure a listener rule on the ALB to require authentication through the Amplify hosted UI.

Explanations:

Creating a user pool in Amazon Cognito allows you to manage user authentication and requires MFA for the specified users. The Cognito hosted UI can be used to handle authentication without changing the application code. Configuring the ALB listener rule to require authentication through Cognito ensures that only authenticated users can access the application.

IAM does not directly provide a way to authenticate users via a web interface or ALB listener rules. While you can configure IAM policies, they do not handle web application user authentication like Cognito does, and IAM itself does not natively support MFA for access through an ALB.

IAM Identity Center (formerly AWS Single Sign-On) is designed for managing access to AWS resources, not directly for web application authentication. While it can enforce MFA, it cannot be directly integrated with an ALB to protect a third-party application, and it lacks a hosted UI for user access.

AWS Amplify is primarily aimed at developing and hosting web applications rather than managing user authentication for third-party applications. It does not provide a direct mechanism to enforce MFA on its own, and there’s no hosted UI integration with an ALB for this purpose.

Leave a Reply

Your email address will not be published. Required fields are marked *

two + five =