Implementing Authorization with AWS Cognito for API Gateway

Prev Question Next Question

Question

An IOS developer is creating a simple notes APP that includes functions such as notes creation, retrieval, and deletion for an authenticated user.The mobile application also requires sign-up and sign-in functionality.

An API exposes the notes service through API Gateway.

The developer would like to implement authorization in the API to identify the authenticated user and perform operations in the context of that user, such as Create Note and Delete Note.

Which of the following should be used to achieve this requirement by AWS Cognito?

Answers

A. In Amazon Cognito, create an Identity pool used to return an ID and Access Token to the app for the authenticated user if the user logins successfully. The Access Token can then be used to authorize API invocations through API Gateway.

B. In Amazon Cognito, create users with proper IAM roles. Ensure the roles have proper policies to access API resources. Return the user.id if the user signs in successfully. The user.id can be used to invoke API for the notes service.

C. In Amazon Cognito, create an Identity Pool and User Pool. Connect the Identity Pool with the User Pool. First, authenticate with the identity pool to get the token, then exchange the token with the user pool to get temporary credentials. These credentials can be used to invoke API for the notes service.

D. In Amazon Cognito, create a User Pool and Identity Pool. Connect the Identity Pool with the User Pool. First, authenticate with the user pool to get the token, then exchange the token with the identity pool to get temporary credentials. These credentials can be used to invoke API for the notes service.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question