Which solution will meet these requirements?
Activate web server modules for authentication and authorization on the instance. Use HTTP basic authentication for the user login.
Deploy a custom authentication and authorization API over HTTP. Store the user credentials on Amazon ElastiCache for Redis.
Use Amazon Cognito to configure a user pool. Use the Amazon Cognito API to authenticate and authorize the users.
Create IAM users. Assign the users to different IAM groups. Use AWS Single Sign-On to authenticate and authorize each user.
Explanations:
HTTP basic authentication transmits credentials in an easily decodable format without encryption, making it insecure for transmitting sensitive user data. Moreover, this method does not provide a comprehensive solution for user management and secure storage.
Storing user credentials in Amazon ElastiCache for Redis is not secure as it lacks built-in encryption for sensitive data, and it doesn’t offer a proper mechanism for user authentication and authorization. Additionally, a custom API over HTTP without HTTPS would expose credentials during transmission.
Amazon Cognito provides a secure and scalable solution for user authentication and authorization. It handles user credentials securely, supports encryption, and uses HTTPS for transmitting data. It also offers features such as multi-factor authentication, making it a comprehensive solution.
While AWS IAM and AWS Single Sign-On offer secure management of users and groups, they are primarily designed for managing AWS resources and services rather than general web application user authentication and authorization. This option may not effectively meet the specific needs for application-level user management.