ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 7 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 7
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?

  • A. Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.
  • B. Configure the ALB to use Amazon Cognito as one of the authentication providers.
  • C. Configure CloudFront to use Amazon Cognito as one of the authentication providers.
  • D. Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by JAMG54 at Sept. 1, 2022, 3:57 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JAMG54
Highly Voted 2 years, 5 months ago
B seems to be correct
upvoted 10 times
Merrick
2 years, 5 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 6 times
...
...
sumanshu
Most Recent 2 months ago
Selected Answer: B
C) - Eliminated - Amazon CloudFront does not have a direct, built-in authentication mechanism. While you could use Lambda@Edge to enforce authentication with Cognito, this approach would be unnecessarily complex
upvoted 2 times
sumanshu
2 months ago
B) Correct - ALBs natively support user authentication and authorization through Amazon Cognito as an authentication provider. This integration allows you to use Cognito for federated authentication, including social media logins (e.g., Google, Facebook).
upvoted 1 times
sumanshu
2 months ago
A) Eliminated - Lambda authorizers are not supported by ALB.
upvoted 1 times
sumanshu
2 months ago
D) Eliminated - Lambda authorizers are not supported on ALBs.
upvoted 1 times
...
...
...
...
AsmaZoheb
1 year, 1 month ago
I think so B because origin is ALB and we need to provide authentication to origin ALB, Cognito is for authentication provider.
upvoted 1 times
...
rcaliandro
1 year, 7 months ago
Selected Answer: B
It is possible to integrate Amazon Cognito User Pools with a load balancer in order to provide an authentication system before the ALB is called. It is also possible to configure the auth page by adding a logo if you want or use a third-part system to autenticate like Google or Facebook. So, we need to: - Create an user pool - Create an user pool client - Create a pool domain name - Federate with social - Configure the DNS - Congigure a callback URL to point the ALB URL (in case of successful login) (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#cognito-requirements)
upvoted 3 times
...
LeoUrlian
1 year, 10 months ago
Selected Answer: B
i thing is B
upvoted 1 times
...
Krt5894
2 years ago
Selected Answer: B
It should be B
upvoted 1 times
...
Dirisme
2 years, 1 month ago
Its B https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 2 times
...
SBoksh
2 years, 2 months ago
Selected Answer: B
https://aws.amazon.com/blogs/aws/built-in-authentication-in-alb/
upvoted 2 times
...
Elliana
2 years, 3 months ago
B is correct. You cannot directly integrate Cognito User Pools with CloudFront distribution as you have to create a separate Lambda@Edge function to accomplish the authentication via Cognito User Pools.
upvoted 4 times
...
dark_cherrymon
2 years, 3 months ago
Selected Answer: D
could be D https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/ "In the Outputs section, look for LambdaAtEdgeFunction with the URL for editing the Lambda function, similar to the screenshot below."
upvoted 2 times
dark_cherrymon
2 years, 3 months ago
oh wait no it's C because lambda at edge is for cloud front but on the question it says lambda@edge is for ALB
upvoted 1 times
JonasKahnwald
1 month, 4 weeks ago
You have to configure Cognito as auth provider for the ALB, not for CF.
upvoted 1 times
...
...
...
cloud_collector
2 years, 3 months ago
Selected Answer: B
ALB’s new authentication action provides authentication through social Identity Providers (IdP) like Google, Facebook, and Amazon through Amazon Cognito. It also natively integrates with any OpenID Connect protocol compliant IdP, providing secure authentication and a single sign-on experience across your applications. https://aws.amazon.com/blogs/aws/built-in-authentication-in-alb/
upvoted 1 times
...
kio222
2 years, 3 months ago
I think the answer is D https://aws.amazon.com/ko/blogs/security/protect-public-clients-for-amazon-cognito-by-using-an-amazon-cloudfront-proxy/
upvoted 1 times
...
Tera_911
2 years, 4 months ago
Why it can't be C?
upvoted 1 times
adsdadasdad
2 years, 4 months ago
Cloudfront is CDN, You configure the client application (mobile or web client) to use a CloudFront endpoint as a proxy to an Amazon Cognito Regional endpoint. You can configure an Application Load Balancer to securely authenticate users as they access your applications. This enables you to offload the work of authenticating users to your load balancer so that your applications can focus on their business logic.
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago