Learn how to create a cloud photo storage app that can handle tens of thousands of users. This tutorial will show you how to use Amazon API Gateway, AWS Lambda, and Amazon DynamoDB to build a scalable and serverless application.
Question
A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.
Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to 5 MB.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.
B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
C. Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
D. Create a users table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as par of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
Answer
B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
Explanation
The correct answer is B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
The reason is that Amazon Cognito is a service that can provide user sign-up, sign-in, and access control for web and mobile applications. Amazon Cognito user pools are user directories that can store and manage user profiles and attributes. Amazon Cognito user pools can also integrate with other AWS services, such as API Gateway, Lambda, or S3. Amazon Cognito user pools can help to manage user accounts and authentication for the application without requiring additional code or infrastructure.
To meet the requirements, the developer can use Amazon Cognito user pools to manage user accounts. The developer can create a user pool that defines the attributes and policies for the users of the application. The developer can also use the AWS SDK for the programming language or the Amazon Cognito API to enable users to sign up and sign in to the application.
The developer can also create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. An Amazon Cognito user pool authorizer is a type of authorizer that validates the JSON Web Tokens (JWTs) that are issued by Amazon Cognito user pools. The developer can configure the API Gateway REST API to use the Amazon Cognito user pool authorizer for each method or resource that requires authentication. The developer can also use the AWS SDK for the programming language or the API Gateway API to send requests to the API with the JWTs.
The developer can also use the Lambda function to store the photos in Amazon S3. Amazon S3 is an object storage service that can store any amount of data in objects. Amazon S3 can also provide high durability, availability, and scalability for storing photos. The developer can use the AWS SDK for the programming language or the S3 API to upload photos from users’ cellphones to an S3 bucket from within the Lambda function.
The developer can also store the object’s S3 key as part of the photo details in the DynamoDB table. Amazon DynamoDB is a NoSQL database service that can store and query structured or semi-structured data. DynamoDB can also provide fast and consistent performance for storing photo details, such as name, date, or location. The developer can use the AWS SDK for the programming language or the DynamoDB API to put photo details and object keys in a DynamoDB table from within the Lambda function.
This solution will enable users to upload photos and retrieve previously uploaded photos using AWS APIs. The developer can use the AWS SDK for the programming language or the DynamoDB API to query photo details and object keys from the DynamoDB table by using user attributes or other criteria. The developer can then use the AWS SDK for the programming language or the S3 API to download photos from the S3 bucket by using the object keys.
Therefore, using Amazon Cognito user pools to manage user accounts, creating an Amazon Cognito user pool authorizer in API Gateway to control access to the API, using the Lambda function to store the photos in Amazon S3, storing the object’s S3 key as part of the photo details in the DynamoDB table, and retrieving previously uploaded photos by querying DynamoDB for the S3 key will meet these requirements with the least operational overhead.
The other options are incorrect because they are not efficient, reliable, or secure:
A. Storing both contact information and photos in a DynamoDB table is not efficient or reliable. DynamoDB has a limit of 400 KB per item, which means that large photos might exceed this limit or require additional processing to split or compress them. Moreover, storing large amounts of binary data in DynamoDB can incur higher storage costs and performance overhead than storing them in S3.
C. Creating an IAM user for each user of the application during the sign-up process is not secure or scalable. IAM is a service that can provide identity and access management for AWS resources and services. IAM users are entities that represent individuals or applications that interact with AWS APIs. However, creating an IAM user for each user of the application is not a recommended practice, as it exposes AWS credentials and permissions to external users. Moreover, creating an IAM user for each user of the application is not scalable, as it requires additional steps and costs to create and manage IAM users and policies.
D. Creating a users table in DynamoDB and using a Lambda authorizer that validates user credentials against the users table is not efficient or reliable. A Lambda authorizer is a type of authorizer that uses a Lambda function to validate incoming requests against custom logic or data sources. However, creating a users table in DynamoDB and using a Lambda authorizer requires additional code and infrastructure to manage user accounts and authentication. Moreover, creating a users table in DynamoDB and using a Lambda authorizer does not provide the same level of security and integration as using Amazon Cognito user pools.
The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
