
DVA-C01 Exam - Question 271


A company is building a serverless microservice for an existing application that uses AWS Lambda functions and Amazon API Gateway. The microservice needs to automate an on-premises identity provider (IdP) that supports the OpenID Connect (OIDC) standard.

What should the company do to implement the API authorization mechanism with the LEAST operational overhead?

Correct Answer: AD

To implement the API authorization mechanism with the least operational overhead, the company should use an API Gateway HTTP API to invoke the Lambda functions and set the JSON Web Token (JWT) issuer as the public OIDC endpoint of the on-premises IdP. This approach uses the native capabilities of the API Gateway HTTP API to support OIDC without requiring additional configuration or integration steps, thus minimizing operational overhead.
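The JWT authorizer setup described above, sketched as a CloudFormation template. This is an added example, not part of the original question; the issuer URL, audience value, route and resource names are constructed placeholders, and `BackendFunctionArn` is assumed to point at the existing Lambda function.

```yaml
Parameters:
  BackendFunctionArn:
    Type: String  # ARN of the existing Lambda function (assumed to exist)
Resources:
  HttpApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: microservice-http-api
      ProtocolType: HTTP
  OidcJwtAuthorizer:
    Type: AWS::ApiGatewayV2::Authorizer
    Properties:
      ApiId: !Ref HttpApi
      Name: onprem-oidc-jwt
      AuthorizerType: JWT
      IdentitySource: ["$request.header.Authorization"]
      JwtConfiguration:
        # Placeholder issuer: API Gateway must be able to reach its OIDC discovery document and JWKS.
        Issuer: https://idp.example.com
        Audience: ["example-api-client-id"]  # placeholder; must match the token's aud claim
  LambdaIntegration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref HttpApi
      IntegrationType: AWS_PROXY
      IntegrationUri: !Ref BackendFunctionArn
      PayloadFormatVersion: "2.0"
  ProtectedRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref HttpApi
      RouteKey: GET /orders  # placeholder route
      AuthorizationType: JWT  # requests without a valid token are rejected before Lambda runs
      AuthorizerId: !Ref OidcJwtAuthorizer
      Target: !Sub integrations/${LambdaIntegration}
  DefaultStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      ApiId: !Ref HttpApi
      StageName: $default
      AutoDeploy: true
  InvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref BackendFunctionArn
      Principal: apigateway.amazonaws.com
      # Scope the permission to this API only.
      SourceArn: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${HttpApi}/*
```

Setting `AuthorizationType: JWT` on every route (or leaving none set to `NONE`) is what keeps unauthenticated requests from reaching the function; a route without it is publicly invocable even when the authorizer exists.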

Discussion

8 comments
KT_Yu
Jan 18, 2023

The answer should be A. Only HTTP APIs support OpenID Connect. Also, API Gateway does not integrate with a Cognito identity pool (in fact it is a user pool).

ccna_imperathor Option: D
Jan 26, 2023

D: https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html

ezeik Option: B
Feb 23, 2023

The answer is B; HTTP API is supported, not REST: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html

k1kavi1 Option: D
Nov 26, 2022

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html

michaldavid Option: D
Nov 26, 2022

Agreed

rcaliandro Option: B
Jun 30, 2023

I will go with B. Why not HTTP API?

kyoharo Option: B
Nov 9, 2023

I'll go with B

9cb0c69 Option: B
Jul 19, 2024

B. This approach minimizes operational overhead compared to D.