Exam AWS Certified Developer Associate topic 1 question 275 discussion

To implement authentication for viewers through social identity providers (IdPs) in an AWS-native solution, the following actions can be taken: Configure Amazon Cognito user pools with social IdPs: This enables the website to authenticate users against well-known social identity providers such as Facebook, Google, or Amazon. Amazon Cognito user pools provide a fully managed user directory that scales to hundreds of millions of users, and it can integrate with any IdP that supports the OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) standards. Configure an ALB listener to add a rule for authentication: The ALB can be configured to authenticate viewer requests using the Amazon Cognito user pool as the authentication provider. This can be done by creating an authentication rule on the ALB listener. The rule can specify the Amazon Cognito user pool as the authentication provider, and it can redirect unauthenticated requests to a login page hosted by Amazon Cognito. Therefore, the correct combination of actions to meet these requirements is A and D

Why would you use user pools when you are told to specifically "use AWS native services in the solution" and this link specifically says Identity Providers: https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html

you can use cognito user pools together with ALB.

A&D. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html This article explains in the section "Configure user authentication " how a rule needs to be created for the listener for both "authenticate-cognito" and "authenticate-oidc". Because questions states to use aws native services cognito is more suitable as it already handles well-known social identity providers.

I think it's B and D. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html The following use cases are supported: Authenticate users through an identity provider (IdP) that is OpenID Connect (OIDC) compliant. Authenticate users through social IdPs, such as Amazon, Facebook, or Google, through the user pools supported by Amazon Cognito. Authenticate users through corporate identities, using SAML, LDAP, or Microsoft AD, through the user pools supported by Amazon Cognito.

You can configure an Application Load Balancer to securely authenticate users as they access your applications. This enables you to offload the work of authenticating users to your load balancer so that your applications can focus on their business logic. The following use cases are supported: Authenticate users through an identity provider (IdP) that is OpenID Connect (OIDC) compliant. Authenticate users through social IdPs, such as Amazon, Facebook, or Google, through the user pools supported by Amazon Cognito. Authenticate users through corporate identities, using SAML, LDAP, or Microsoft AD, through the user pools supported by Amazon Cognito.

Going with A&D

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

A is defo right but not sure about C