ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 332 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 332
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer created a web API that receives requests by using an internet-facing Application Load Balancer (ALB) with an HTTPS listener. The developer configures an Amazon Cognito user pool and wants to ensure that every request to the API is authenticated through Amazon Cognito.

What should the developer do to meet this requirement?

  • A. Add a listener rule to the listener to return a fixed response if the Authorization header is missing. Set the fixed response to 401 Unauthorized.
  • B. Create an authentication action for the listener rules of the ALSet the rule action type to authenticate-cognito. Set the OnUnauthenticatedRequest field to "deny."
  • C. Create an Amazon API Gateway API. Configure all API methods to be forwarded to the ALB endpoint. Create an authorizer of the COGNITO_USER_POOLS type. Configure every API method to use that authorizer.
  • D. Create a new target group that includes an AWS Lambda function target that validates the Authorization header by using Amazon Cognito. Associate the target group with the listener.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by k1kavi1 at Nov. 26, 2022, 5:46 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mrbig00
Highly Voted 2 years, 5 months ago
Selected Answer: B
B. Create an authentication action for the listener rules of the ALB. Set the rule action type to authenticate-cognito. Set the OnUnauthenticatedRequest field to "deny." To ensure that all requests to an internet-facing Application Load Balancer (ALB) are authenticated through Amazon Cognito, the developer can create an authentication action for the listener rules of the ALB. The authentication action specifies the type of authentication to be performed, which in this case should be "authenticate-cognito." Additionally, the developer should set the OnUnauthenticatedRequest field to "deny," which will cause the ALB to reject any requests that are not authenticated. This will ensure that only requests with a valid Amazon Cognito token will be allowed through the ALB. Other options, such as adding a listener rule to return a fixed response, creating an Amazon API Gateway API, or creating a new target group with a Lambda function target, are not necessary for the given requirements.
upvoted 11 times
...
AWSdeveloper08
Most Recent 1 year, 9 months ago
Selected Answer: B
https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_AuthenticateOidcActionConfig.html
upvoted 2 times
...
Ankit1010
2 years, 3 months ago
B To ensure that every request to the API is authenticated through Amazon Cognito, the developer should create an authentication action for the listener rules of the ALB and set the rule action type to authenticate-cognito. The OnUnauthenticatedRequest field should be set to "deny." This will force the ALB to check for a valid authentication token from Amazon Cognito before forwarding the request to the target group. Option B is the correct answer.
upvoted 2 times
...
JuanFe
2 years, 3 months ago
It's c for me.
upvoted 1 times
...
xicomynor
2 years, 5 months ago
There's no need to create an API GW. ALB can handle it itself: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html You configure user authentication by creating an authenticate action for one or more listener rules. The authenticate-cognito and authenticate-oidc action types are supported only with HTTPS listeners. For descriptions of the corresponding fields, see AuthenticateCognitoActionConfig and AuthenticateOidcActionConfig in the Elastic Load Balancing API Reference version 2015-12-01.
upvoted 2 times
...
DrCloud
2 years, 5 months ago
Selected Answer: C
Control access to a REST API using Amazon Cognito user pools as authorizer: To use an Amazon Cognito user pool with your API, you must first create an authorizer of the COGNITO_USER_POOLS type and then configure an API method to use that authorizer. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
upvoted 1 times
...
michaldavid
2 years, 5 months ago
CCCCCCC
upvoted 1 times
...
kapil206001
2 years, 5 months ago
B https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#rule-action-types
upvoted 3 times
...
k1kavi1
2 years, 5 months ago
Selected Answer: C
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel