Examice

Exam DVA-C02 All QuestionsBrowse all questions from this exam

Question 375

A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.

How can a developer meet these requirements?

Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.

Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.

Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.

Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.

Correct Answer: C

To meet the requirements of allowing only registered users to access certain resources of the API and ensuring that the token used expires automatically and is refreshed periodically, you should create an Amazon Cognito user pool. By configuring the Cognito Authorizer in API Gateway, you can manage user authentication and authorization effectively. The identity or access tokens from the user pool provide the necessary credentials, and their expiration and refresh capabilities align perfectly with the stated requirements.

Discussion

rdiazOption: C

Option A (Amazon Cognito Identity Pool): An Amazon Cognito Identity Pool provides temporary AWS credentials for users but is typically used in conjunction with user pools for unauthenticated access and to interact with AWS services. It does not handle user authentication and token expiration directly as needed for API access.