A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model. Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?
A) Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
B) Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
C) Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
D) Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
Correct Answer:
Verified
Q168: A game stores user game data in
Q169: A current architecture uses many Lambda functions
Q170: A Developer has created a large Lambda
Q171: A Developer has created a software package
Q172: A Developer executed a AWS CLI command
Q174: A company is migrating its on-premises database
Q175: Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip
Q176: For a deployment using AWS CodeDeploy, what
Q177: A company wants to migrate its web
Q178: A Developer must re-implement the business logic
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents