Q93 — AWS DVA-C02 Ch.1
Question 93 of 100 | ← Chapter 1
A company has an application that uses Amazon Cognito user pools as its identity system. The company must protect access to user records. The company has enabled multi-factor authentication (MFA). The company also wants to send login activity notifications via email each time a user logs in. What is the most efficient solution to meet these requirements?
- A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send email notifications. Add an Amazon API Gateway API to invoke the function. Call the API from the client after receiving login confirmation.
- B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send email notifications. Add an Amazon Cognito Post Authentication Lambda trigger to the function. ✓
- C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send email notifications. Create an Amazon CloudWatch Logs subscription filter to invoke the function based on login status.
- D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and send email notifications based on each user's login status.
Correct Answer: B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send email notifications. Add an Amazon Cognito Post Authentication Lambda trigger to the function.
Explanation
In Amazon Cognito, Lambda triggers can be directly configured for specific events such as user login. This approach is the most direct and efficient because it automatically invokes the function upon user action without requiring additional API calls or log subscriptions. Option B precisely fulfills this need by invoking the Lambda function via a Cognito Post Authentication trigger to send email notifications upon login. This ensures real-time delivery and simplifies architecture, making it the most efficient solution to meet the stated requirements.