Which solution will meet these requirements MOST cost-effectively?
Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.
Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.
Explanations:
Amazon Cognito is a cost-effective solution for managing authentication for a small user base. Lambda@Edge can provide authorization by executing functions at CloudFront edge locations, reducing latency for global access. CloudFront serves the application globally with low latency and scales easily, making this option the most suitable for the requirements.
AWS Directory Service for Microsoft Active Directory is more suitable for larger enterprises and incurs higher costs, which is not necessary for fewer than 100 users. An Application Load Balancer may add unnecessary complexity and costs compared to using CloudFront for serving the application globally.
While Amazon Cognito is a good choice for authentication, using AWS Lambda for authorization does not provide the same edge functionality as Lambda@Edge. S3 Transfer Acceleration primarily improves the transfer speed for large files but does not serve web applications globally in the same way as CloudFront.
Similar to option B, using AWS Directory Service for Microsoft Active Directory is more costly and complex than needed for this scenario. AWS Elastic Beanstalk does not offer the same global distribution benefits as CloudFront, making it less optimal for serving content globally at low latency.