Q18 — AWS DVA-C02 Ch.1

A developer is designing a serverless application for a game in which users register and log in via a web browser. The application invokes AWS Lambda functions behind an Amazon API Gateway HTTP API on behalf of users. The developer needs to implement a solution that enables user registration and login on the application’s login page. The solution must minimize operational overhead and reduce ongoing management of user identities. Which solution meets these requirements?

Correct Answer: A. Create an Amazon Cognito user pool for external social identity providers. Configure IAM roles for the identity pool.

Explanation

Option A recommends using Amazon Cognito user pools to manage user identities—especially for external social identity providers. Amazon Cognito provides built-in authentication, authorization, and user management, and integrates seamlessly with external providers such as Facebook and Google. By configuring IAM roles for the identity pool, fine-grained permissions for accessing AWS resources can be defined. This approach minimizes operational overhead and reduces ongoing identity management. In contrast, option B requires manual IAM group/role creation and management; option C introduces unnecessary complexity and cost with relational database infrastructure; and option D stores credentials insecurely and demands significant custom development and maintenance. Thus, option A is the optimal solution.