Q94 — AWS DVA-C02 Ch.2

Question 94 of 100 | ← Chapter 2

A company is developing an application accessed via an Amazon API Gateway REST API. Only registered users can access certain API resources. Credentials must expire and require periodic refresh.

Correct Answer: C. Create an Amazon Cognito user pool, configure a Cognito authorizer in API Gateway, and use ID tokens or access tokens.

Explanation

Option C is correct because Amazon Cognito user pools provide built-in user management, including registration, sign-in, token generation, and automatic token expiration and refresh. Configuring API Gateway with a Cognito authorizer ensures only authenticated users access protected resources. ID tokens or access tokens issued by Cognito expire per configured lifetimes and can be refreshed using Cognito’s refresh token mechanism.