Home › AWS Developer Associate › cloudcomputing › awsdevelopment › An API Gateway REST API in front of Lambda needs…
An API Gateway REST API in front of Lambda needs to authenticate requests using a Cognito user pool. Which API Gateway authoriser type fits BEST?
AA Cognito User Pool authoriser configured on the method
BIAM signing for every browser request
CNo authoriser — rely on the Lambda function to validate the JWT itself
DA custom Lambda authoriser that calls back to Cognito on every request
Answer & Solution
Correct answer: A. A Cognito User Pool authoriser configured on the method
API Gateway has a first-class Cognito User Pool authoriser — validates Cognito-issued ID/access tokens at the edge before the request reaches Lambda. A custom Lambda authoriser is a fallback for non-Cognito IdPs. IAM signing isn't browser-friendly; offloading auth into the function works but is unnecessary boilerplate.
Related questions
A Lambda function reads from a Kinesis Data Stream. Throughput is fine on average but spikWhich strategy allows a Lambda function inside a VPC to access the internet (e.g., to callA serverless app needs to fan out a single event to multiple downstream Lambda functions, A Lambda function processes a large file from S3. Cold starts are unacceptably long on JavWhich AWS feature lets developers attach short-lived AWS credentials to a Lambda function What does it mean for an API endpoint to be IDEMPOTENT?A Lambda function is processing messages from an SQS queue. Some messages fail repeatedly.Which Lambda configuration setting most directly affects the function's CPU and network pe