Which solution will meet these requirements MOST cost-effectively?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS.The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users.The solution needs to integrate with the main web application and serve web content globally.The solution must also scale as the company’s user base grows while providing the lowest login latency possible.

Which solution will meet these requirements MOST cost-effectively?

Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.

Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.

Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.

Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Explanations:

Amazon Cognito is a cost-effective solution for managing authentication for a small user base. Lambda@Edge can provide authorization by executing functions at CloudFront edge locations, reducing latency for global access. CloudFront serves the application globally with low latency and scales easily, making this option the most suitable for the requirements.

AWS Directory Service for Microsoft Active Directory is more suitable for larger enterprises and incurs higher costs, which is not necessary for fewer than 100 users. An Application Load Balancer may add unnecessary complexity and costs compared to using CloudFront for serving the application globally.

While Amazon Cognito is a good choice for authentication, using AWS Lambda for authorization does not provide the same edge functionality as Lambda@Edge. S3 Transfer Acceleration primarily improves the transfer speed for large files but does not serve web applications globally in the same way as CloudFront.

Similar to option B, using AWS Directory Service for Microsoft Active Directory is more costly and complex than needed for this scenario. AWS Elastic Beanstalk does not offer the same global distribution benefits as CloudFront, making it less optimal for serving content globally at low latency.

2025-10-18

1 Comment

  1. Martha
    Author

    I chart that the answer is:
    Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × four =