Q18 — AWS DVA-C02 Ch.1
A developer is designing a serverless application for a game in which users register and log in via a web browser. The application invokes AWS Lambda functions behind an Amazon API Gateway HTTP API on behalf of users. The developer needs to implement a solution that enables user registration and login on the application’s login page. The solution must minimize operational overhead and reduce ongoing management of user identities. Which solution meets these requirements?
- A. Create an Amazon Cognito user pool for external social identity providers. Configure IAM roles for the identity pool. ✓
- B. Write the login page to create IAM groups for users and attach IAM roles to those groups.
- C. Create an Amazon RDS for SQL Server DB instance to store users and manage permissions for AWS backend resources.
- D. Configure the login page to register and store users and their passwords in an Amazon DynamoDB table with an attached IAM policy.
Correct Answer: A. Create an Amazon Cognito user pool for external social identity providers. Configure IAM roles for the identity pool.
Explanation
Option A recommends using Amazon Cognito user pools to manage user identities—especially for external social identity providers. Amazon Cognito provides built-in authentication, authorization, and user management, and integrates seamlessly with external providers such as Facebook and Google. By configuring IAM roles for the identity pool, fine-grained permissions for accessing AWS resources can be defined. This approach minimizes operational overhead and reduces ongoing identity management. In contrast, option B requires manual IAM group/role creation and management; option C introduces unnecessary complexity and cost with relational database infrastructure; and option D stores credentials insecurely and demands significant custom development and maintenance. Thus, option A is the optimal solution.