Practice free →
HomeAWS Developer Associatecloudcomputingawsdevelopment › An API Gateway REST API in front of Lambda needs…

An API Gateway REST API in front of Lambda needs to authenticate requests using a Cognito user pool. Which API Gateway authoriser type fits BEST?

AA Cognito User Pool authoriser configured on the method
BIAM signing for every browser request
CNo authoriser — rely on the Lambda function to validate the JWT itself
DA custom Lambda authoriser that calls back to Cognito on every request
Answer & Solution
Correct answer: A. A Cognito User Pool authoriser configured on the method
API Gateway has a first-class Cognito User Pool authoriser — validates Cognito-issued ID/access tokens at the edge before the request reaches Lambda. A custom Lambda authoriser is a fallback for non-Cognito IdPs. IAM signing isn't browser-friendly; offloading auth into the function works but is unnecessary boilerplate.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions