Question
You are an application developer that is tasked to extend an existing backend application with a serverless API behind an Amazon API Gateway. Frontend clients will interact with the API of the existing application and the new serverless API via REST calls. Requests to both APIs are authenticated using a token in the HTTP header verified by the existing IAM solution.

How can you use the existing auth mechanism to secure access to the API Gateway with the least amount of work?

- Use an AWS Lambda authorizer to validate tokens at the existing IAM solution. Connect the Lambda function that serves as your authorizer to a VPC to allow private connectivity to the existing IAM solution
- Use a Lambda Extension to augment your Lambda functions with functionality to interact with your existing IAM solution. Configure the function to run for every Lambda and cancel code executions when auth fails
- Create an Amazon Cognito User Pool and establish a managed synchronization between your existing IAM solution and Cognito. Use the native integration of Cognito with Amazon API Gateway for authentication
- Create an Amazon Cognito Identity Pool and add your custom solutions as a federated identity provider. Use the native integration of Cognito with API Gateway for authentication
Solution
The best way to secure access to the API Gateway using the existing authentication mechanism with the least amount of work would be to use an AWS Lambda authorizer to validate tokens at the existing IAM solution.
Here are the steps:
- Create a Lambda function that will serve as your authorizer. This function will be responsible for validating the tokens provided by the clients.
- Connect this Lambda function to a Virtual Private Cloud (VPC) to allow private connectivity to the existing IAM solution. This ensures that the function can securely access the IAM solution to validate the tokens.
- Configure the API Gateway to use this Lambda function as its authorizer. This means that whenever a client makes a request to the API Gateway, the Gateway will first invoke the Lambda function to validate the client's token.
- If the token is valid, the Lambda function will return an IAM policy that allows the client to access the requested resources. If the token is invalid, the function will return a policy that denies access.
This solution requires minimal changes to the existing application and leverages the existing IAM solution for authentication, making it the most efficient option.
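An added example (not part of the original solution) of the authorizer the steps above describe, written as a TOKEN-type Lambda authorizer in Python. The introspection URL, its `{"active", "sub"}` response shape and the `Bearer ` prefix handling are assumptions about the existing IAM solution, and the `validate` parameter is a hypothetical hook so the policy logic can be exercised offline.

```python
import json
import os
import urllib.request

# Assumption: the existing IAM solution exposes a token-check endpoint reachable
# from the authorizer's VPC. The URL and the response shape are hypothetical.
INTROSPECT_URL = os.environ.get("IAM_INTROSPECT_URL", "https://iam.internal.example/introspect")


def introspect(token):
    """Ask the existing IAM solution whether the token is valid (hypothetical API)."""
    req = urllib.request.Request(
        INTROSPECT_URL,
        data=json.dumps({"token": token}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=3) as resp:
        return json.loads(resp.read())  # assumed shape: {"active": bool, "sub": str}


def build_policy(principal_id, effect, method_arn):
    """Authorizer response: a principal plus an IAM policy on execute-api:Invoke."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
    return {
        "principalId": principal_id,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }


def handler(event, context, validate=introspect):
    """Entry point API Gateway invokes before forwarding the request."""
    method_arn = event["methodArn"]
    token = (event.get("authorizationToken") or "").strip()
    # Assumption: clients send "Bearer <token>"; a bare token is accepted as well.
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    if not token:
        return build_policy("anonymous", "Deny", method_arn)
    try:
        result = validate(token)
        if result.get("active") is True and result.get("sub"):
            return build_policy(str(result["sub"]), "Allow", method_arn)
    except Exception:
        # Fail closed: an unreachable or misbehaving IAM backend never grants access.
        pass
    return build_policy("anonymous", "Deny", method_arn)
```

If authorizer result caching is enabled, API Gateway reuses the returned policy for later requests carrying the same token, so scope `Resource` with that in mind.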