Q14 — AWS DVA-C02 Ch.3

A company is developing an application accessible via an Amazon API Gateway REST API. Only registered users should access certain API resources. Credentials must expire automatically and require periodic refresh. How should the developer meet these requirements?

Correct Answer: C. Create an Amazon Cognito user pool, configure a Cognito Authorizer in API Gateway, and use ID or access tokens.

Explanation

Option C satisfies all requirements: Amazon Cognito User Pools provide scalable, secure user authentication and authorization; the Cognito Authorizer in API Gateway enforces access control based on validated tokens; and Cognito supports configurable token expiration and refresh mechanisms, ensuring secure, time-limited access. Identity pools (option A) are intended for unauthenticated/federated identities—not registered end users—and IAM (option D) is unsuitable for managing large numbers of end-user credentials.