Exam AWS Certified Solutions Architect - Professional topic 1 question 447 discussion

A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience; the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?

  • A. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.
  • B. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.
  • C. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
  • D. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
Suggested Answer: C
Reference:
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/

Comments

donathon
Highly Voted 3 years, 8 months ago
C. There are several benefits to using Lambda@Edge for authorization operations. First, performance is improved by running the authorization function using Lambda@Edge closest to the viewer, reducing latency and response time to the viewer request. The load on your origin servers is also reduced by offloading CPU-intensive operations such as verification of JSON Web Token (JWT) signatures. Finally, there are security benefits such as filtering out unauthorized requests before they reach your origin infrastructure. https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/
upvoted 42 times
LeoChu
3 years, 7 months ago
Very detailed explanation, thank you.
upvoted 1 times
...
kirrim
3 years, 7 months ago
Another link specifically about using Lambda@Edge with cookies: https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-using-cookies-protect-your-amazon-cloudfront-content-from-being-downloaded-by-unauthenticated-users/
upvoted 1 times
...
...
JWC
Highly Voted 3 years, 8 months ago
To those proposing C, the issue is with user login/authentication, NOT authorization. I agree Lambda@Edge would help with authorization. I'm not sure how it helps with authentication, which would require some type of directory, preferably close to the user, to validate user credentials. A would accomplish this.
upvoted 6 times
JAWS1600
3 years, 8 months ago
https://medium.com/monstar-lab-bangladesh-engineering/configure-basic-authentication-for-cloudfront-using-lambda-edge-c23ce46216d7 Here is the document showing how to use Lambda@Edge for authENTICATION
upvoted 4 times
...
...
dmscountera
Most Recent 2 years, 8 months ago
Selected Answer: C
Based on all comments
upvoted 1 times
...
tartarus23
3 years, 1 month ago
Selected Answer: C
C. Lambda@Edge enables modifying and servicing requests to and from the CloudFront so that the authorization process is offloaded to it instead of waiting to reach the AWS servers.
upvoted 1 times
...
AzureDP900
3 years, 6 months ago
C is the perfect answer
upvoted 1 times
...
SivaDorai76
3 years, 6 months ago
https://aws.amazon.com/blogs/networking-and-content-delivery/lambdaedge-design-best-practices/ The link has details on Authentication which can be done using Lambda@Edge and more.
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's C
upvoted 1 times
...
WhyIronMan
3 years, 7 months ago
I'll go with C
upvoted 2 times
...
Waiweng
3 years, 7 months ago
It's C
upvoted 2 times
...
kiev
3 years, 7 months ago
Full House says C is the answer. Very clear explanation from Donathon
upvoted 4 times
...
Kian1
3 years, 7 months ago
going with C
upvoted 1 times
...
Ebi
3 years, 7 months ago
C is the answer
upvoted 4 times
...
sanjaym
3 years, 7 months ago
C for sure.
upvoted 1 times
...
T14102020
3 years, 7 months ago
Correct answer is C. Lambda@Edge
upvoted 1 times
...
jackdryan
3 years, 7 months ago
I'll go with C
upvoted 3 times
...
Bulti
3 years, 7 months ago
C is the answer. A Lambda@Edge function can also make network calls to external resources to confirm user credentials. Assuming authentication happens only in the us-east-1 region, Lambda@Edge can at least validate the JWT token signature to determine if the user can directly access the content if the signature is valid. If the JWT token signature is invalid, then it can redirect the user to the authentication service in us-east-1, thereby improving the performance of the system.
upvoted 3 times
...
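The flow described in option C and in the comment above (check a signed session cookie at the viewer-request trigger, pass valid sessions through, redirect everything else to the authentication service), as an added example that is not code from the page or from AWS. The cookie name, login URL and secret are placeholders, and HS256 is swapped in for whatever signature scheme the real service uses so the block runs with only Node's built-in `crypto`.

```javascript
const crypto = require('crypto');
// Assumptions (not from the page): cookie name, login URL and HS256 demo secret.
const COOKIE_NAME = 'session';
const LOGIN_URL = 'https://auth.example.com/login';
const SECRET = 'constructed-demo-secret';

// Mint a token as the us-east-1 authentication service would (constructed helper).
function signToken(claims, secret = SECRET) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}

// Return the claims if signature and expiry check out, otherwise null.
function verifyToken(token, nowSec, secret = SECRET) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!sig || extra !== undefined) return null;
  try {
    // Pin the algorithm; never let the token header choose it.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const want = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const got = Buffer.from(sig, 'base64url');
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch { return null; }
}

// Extract one cookie from CloudFront's header format: { cookie: [{ key, value }] }.
function getCookie(headers, name) {
  for (const h of headers.cookie || []) {
    for (const pair of h.value.split(';')) {
      const [k, ...v] = pair.trim().split('=');
      if (k === name) return v.join('=');
    }
  }
  return null;
}

// Decide at the edge: pass the request through, or redirect to the login service.
function authorize(request, nowSec) {
  const token = getCookie(request.headers, COOKIE_NAME);
  if (token && verifyToken(token, nowSec)) return request;
  return { status: '302', statusDescription: 'Found',
    headers: { location: [{ key: 'Location', value: LOGIN_URL }] } };
}

// Viewer-request entry point: only unauthenticated users make the trip to us-east-1.
exports.handler = async (event) => authorize(event.Records[0].cf.request, Math.floor(Date.now() / 1000));
```

Verifying an asymmetric signature (for example RS256 with the issuer's public key) instead keeps the signing key out of the edge function.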
AlwaysLearning2020
3 years, 7 months ago
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-using-cookies-protect-your-amazon-cloudfront-content-from-being-downloaded-by-unauthenticated-users/
upvoted 1 times
...