Which solution will meet these requirements with the LEAST operational overhead?
Configure an AWS Lambda function to be an authorizer in API Gateway to validate which user made the request.
For each user, create and assign an API key that must be sent with each request. Validate the key by using an AWS Lambda function.
Send the user’s email address in the header with every request. Invoke an AWS Lambda function to validate that the user with that email address has proper access.
Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request.
Explanations:
Using a Lambda function as an authorizer requires additional setup and maintenance. It adds operational overhead, as the Lambda function must be developed, deployed, and managed.
Creating and managing API keys for each user increases administrative burden and complexity. It requires key management and validation logic, which adds operational overhead.
Validating user access through email addresses involves custom logic and additional infrastructure (e.g., a Lambda function). This approach does not leverage existing AWS services efficiently and adds operational complexity.
Configuring an Amazon Cognito user pool authorizer directly integrates with API Gateway, allowing it to automatically validate user tokens with minimal setup and operational overhead. This solution is fully managed and simplifies the authentication process.
From my perspective, the answer is:
Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request.