Practice free →
HomeAWS Developer Associatecloudcomputingawsdevsecurity › An API Gateway REST API needs to require a valid…

An API Gateway REST API needs to require a valid Amazon Cognito ID token on every call. Which method-level option does that with the least custom code?

ADisable auth and validate the token inside every downstream service
BConfigure a Cognito User Pool authoriser on each protected method
CWrite a custom Lambda authoriser that validates the JWT itself
DTrust the client to always send valid tokens — no server-side check
Answer & Solution
Correct answer: B. Configure a Cognito User Pool authoriser on each protected method
API Gateway has a first-class Cognito User Pool authoriser that validates the user-pool-issued JWT before the request reaches the integration. Custom Lambda authorisers are a fallback for non-Cognito IdPs. The other options are insecure.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions