Your team is experimenting with the API gateway service for an application.
There is a need to implement a custom module that can be used for authentication/authorization for calls made to the API gateway.
How can this be achieved?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: B.
Option A is incorrect because API caching helps to reduce the number of calls made to your endpoint and improves the latency of requests to your API but cannot assist with authentication/authorization for calls made to the API gateway.
Option B is CORRECT because Amazon API Gateway Lambda authorizer (formerly known as a custom authorizer) is a Lambda function that you provide to control access to your API methods.
A Lambda authorizer uses bearer token authentication strategies, such as OAuth or SAML.
It can also use the information described by headers, paths, query strings, stage variables, or context variables request parameters.
Option C is incorrect because the API endpoint refers to the hostname of the API.
The API endpoint type can be edge-optimized, regional, or private, depending on where the majority of your API traffic originates from, but it cannot assists with authentication/authorization for calls made to the API gateway.
Option D is incorrect because Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests initiated from scripts running in the browser, but it cannot assist with authentication/authorization for calls made to the API gateway.
For more information on using the API gateway Lambda authorizer, kindly refer to the following URL:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.htmlThe correct answer to the question is B. Use a Lambda authorizer.
API Gateway is an Amazon Web Services (AWS) service that enables developers to create, manage, and secure APIs for applications. AWS Lambda is a serverless computing service provided by Amazon that enables developers to run code without having to manage servers. Lambda authorizers are AWS Lambda functions that authenticate and authorize requests made to API Gateway APIs.
To implement a custom module that can be used for authentication/authorization for calls made to the API gateway, you can use a Lambda authorizer. The Lambda authorizer is a function that runs before the API Gateway forwards the request to the backend service. It helps in validating the request by checking if the requester is authorized to access the API.
To create a Lambda authorizer, you need to define a Lambda function that receives the request from the API Gateway and returns an IAM policy. The IAM policy defines the access permissions for the requester.
Steps to create a Lambda authorizer:
Once the Lambda authorizer is configured, the API Gateway will invoke the authorizer before forwarding the request to the backend service. If the authorizer returns an allowed IAM policy, the API Gateway forwards the request to the backend service; otherwise, it returns an error.
Option A, enabling API Gateway caching, does not address the requirement of implementing a custom module for authentication/authorization.
Option C, using API endpoint, is not relevant to the requirement of implementing a custom module for authentication/authorization.
Option D, using CORS on the API Gateway, is a technique for enabling cross-origin resource sharing and does not address the requirement of implementing a custom module for authentication/authorization.