Building a Photo-Sharing Application with AWS S3 for Cheap and Simple System - DOP-C01 Exam Answer

Authenticating and Authorizing Users for a Mobile App - DOP-C01 Exam Answer


Question

You are building a mobile app for consumers to post cat pictures online.

You will be storing the images in AWS S3.

You want to run the system very cheaply and simply.

Which one of these options allows you to build a photo-sharing application with the right authentication/authorization implementation?

Answers

Explanations


A. B. C. D.

Answer - A.

Amazon Cognito lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps.

You can create your own user directory within Amazon Cognito.

You can also choose to authenticate users through social identity providers such as Facebook, Twitter, or Amazon; with SAML identity solutions; or by using your own identity system.

In addition, Amazon Cognito enables you to save data locally on users' devices, allowing your applications to work even when the devices are offline.

You can then synchronize data across users' devices so that their app experience remains consistent regardless of the device they use.

For more information on AWS Cognito, please visit the below URL:

http://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html

Option A is the correct answer for building a photo-sharing application with the right authentication/authorization implementation that runs cheaply and simply.

AWS Cognito is an AWS service that provides user authentication and authorization. It also supports social identity providers, such as Facebook or Google Accounts, which enables you to leverage existing identities and allows users to log in using their existing social media credentials. Cognito provides user sign-up, sign-in, and access control to web and mobile applications.

Web identity federation lets you create applications that can access AWS resources by authenticating users through social identity providers. By using web identity federation, you don't have to create and maintain your own user pool and identity management system, which can be expensive and time-consuming.

Using the secret token passed to the user during the authentication process, you can grant access to AWS resources like S3 directly, eliminating the need for a custom SDK or API Gateway with a constantly rotating API key.
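The following is an added example, not part of the original answer: it builds the two IAM policies an identity-pool role would typically carry so that federated users reach S3 directly but only under their own prefix. The bucket name, the identity pool ID, the `photos/<identity-id>/` key layout and the helper `is_allowed` (a simplified local check, not the IAM evaluation engine) are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders; substitute your own bucket and identity pool ID.
BUCKET = "example-cat-photos"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
SUB_VAR = "${cognito-identity.amazonaws.com:sub}"  # IAM policy variable: caller's identity ID


def trust_policy(pool_id):
    """Only authenticated identities from this one identity pool may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {"cognito-identity.amazonaws.com:aud": pool_id},
                "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
            },
        }],
    }


def permissions_policy(bucket):
    """Each identity may read and write objects only under its own prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/photos/{SUB_VAR}/*",
        }],
    }


def is_allowed(policy, identity_id, action, key, bucket=BUCKET):
    """Simplified local check (assumption, not the IAM engine): substitute the
    policy variable, then wildcard-match the object ARN against each Allow."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        pattern = stmt["Resource"].replace(SUB_VAR, identity_id)
        if stmt["Effect"] == "Allow" and action in stmt["Action"] and fnmatchcase(arn, pattern):
            return True
    return False  # no matching Allow means implicit deny


if __name__ == "__main__":
    print(json.dumps(trust_policy(POOL_ID), indent=2))
    print(json.dumps(permissions_policy(BUCKET), indent=2))
```

Without the `aud` condition in the trust policy, identities from any identity pool could assume the role; without the policy variable in the resource ARN, every signed-in user could overwrite every other user's photos.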

Option B suggests using JWT or SAML compliant systems to build authorization policies. These are valid options for authorization, but they do not address the authentication aspect of the problem. Also, creating and maintaining an authorization system would require a lot of time, effort, and cost, which goes against the requirement of running the system cheaply and simply.

Option C suggests using API Gateway with a constantly rotating API key to allow access from the client-side. Although API Gateway provides authentication and authorization capabilities, it requires you to create and manage a custom SDK to access S3. This would increase the complexity and cost of the system, which is not in line with the requirement of running it cheaply and simply.

Option D suggests creating an AWS oAuth Service Domain and granting public signup and access to the domain. This option would require a lot of effort and expertise to set up and maintain, and it is not the best solution for a simple and cheap system.

In conclusion, option A is the best choice for building a photo-sharing application that is simple, cheap, and secure. By using AWS Cognito with web identity federation, you can provide user authentication and authorization with minimal effort and cost.