Learn how to build a scalable and secure cloud photo storage application using AWS services such as API Gateway, Lambda, Cognito, S3, and DynamoDB. Find out the best solution to meet the requirements with the least operational overhead.
Question
A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.
Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to 5 MB.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.
B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
C. Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
D. Create a users table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
Answer
B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
Explanation
The correct answer is B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.
This solution will meet the requirements with the least operational overhead because it leverages AWS services to handle user authentication, authorization, and storage of photos and metadata. Amazon Cognito is a service that provides user sign-up, sign-in, and access control for web and mobile applications. A user pool is a user directory in Amazon Cognito that allows users to create accounts and sign in to the application. By using Amazon Cognito user pools, the developer can manage user accounts without having to write any custom code or maintain any servers.
Amazon API Gateway is a service that enables developers to create, publish, maintain, monitor, and secure REST APIs. An authorizer is a component that API Gateway invokes to authorize each request before it reaches the backend integration; it can be a custom Lambda function or, as in this solution, an Amazon Cognito user pool. A user pool authorizer uses a user pool as the identity source and verifies the JSON Web Tokens (JWTs) that Amazon Cognito issues when users sign in and that the client sends with each request. By creating an Amazon Cognito user pool authorizer in API Gateway, the developer can control access to the API and ensure that only authenticated users can upload and retrieve photos, without writing any token-validation code.
Amazon S3 is a service that provides object storage for any type of data. By using the Lambda function to store the photos in Amazon S3, the developer can benefit from the scalability, durability, availability, and security of S3. The developer can also store the object’s S3 key as part of the photo details in the DynamoDB table. DynamoDB is a service that provides a fully managed NoSQL database for applications. By storing the photo details in DynamoDB, the developer can easily query and retrieve them using primary keys or secondary indexes.
The other options are not as suitable because:
- Option A: Using the Lambda function to store the photos and details in DynamoDB is not a good solution for storing photos, as DynamoDB has a limit of 400 KB per item. This means that photos larger than 400 KB would not fit in a single item and would require additional logic to split and merge them. Moreover, storing photos in DynamoDB would increase the storage cost and reduce the performance of queries.
- Option C: Creating an IAM user for each user of the application during the sign-up process is not a good solution for managing user accounts, as IAM users are intended for controlling access to AWS resources rather than application resources. This approach would also introduce more operational overhead, as the developer would have to create and manage IAM users programmatically using AWS SDKs or CLI.
- Option D: Creating a users table in DynamoDB and using a Lambda authorizer to validate user credentials is not a good solution for managing user accounts, as it would require writing custom code for handling user sign-up, sign-in, password management, and token generation. This approach would also introduce more operational overhead, as the developer would have to maintain and update the Lambda authorizer function.
Therefore, option B is the best answer for this question.
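The following is an added example of the option-B data path, not code from the original page. It assumes the Cognito user pool authorizer has already verified the JWT and that API Gateway placed its claims under `event["requestContext"]["authorizer"]["claims"]`; the owner identity is always taken from the verified `sub` claim, never from the request body, and the S3 and DynamoDB clients are injected so the handlers run offline against the constructed stubs (boto3 clients would be passed in production). Names such as `FakeS3`, `FakeTable`, `make_event` and the `photos` bucket are hypothetical.

```python
import base64, json, uuid

MAX_PHOTO_BYTES = 5 * 1024 * 1024  # 5 MB, the upper bound stated in the question

class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client (offline only)."""
    def __init__(self): self.objects = {}
    def put_object(self, Bucket, Key, Body, ContentType): self.objects[(Bucket, Key)] = Body
    def generate_presigned_url(self, ClientMethod, Params, ExpiresIn):
        return f"https://{Params['Bucket']}.example/{Params['Key']}?expires={ExpiresIn}"

class FakeTable:
    """Constructed stand-in for a boto3 DynamoDB Table with partition key user_id."""
    def __init__(self): self.items = []
    def put_item(self, Item): self.items.append(Item)
    def query(self, KeyConditionExpression, ExpressionAttributeValues):
        uid = ExpressionAttributeValues[":u"]
        return {"Items": [i for i in self.items if i["user_id"] == uid]}

def owner_sub(event):
    # Trust only the claims API Gateway attached after the user pool authorizer verified the JWT.
    return event["requestContext"]["authorizer"]["claims"]["sub"]

def upload_handler(event, s3, table, bucket):
    sub = owner_sub(event)
    data = base64.b64decode(json.loads(event["body"])["image_base64"])
    if not data or len(data) > MAX_PHOTO_BYTES:
        return {"statusCode": 413, "body": "photo size out of range"}
    photo_id = str(uuid.uuid4())
    key = f"{sub}/{photo_id}.jpg"  # per-user prefix derived from the verified identity, not the client
    s3.put_object(Bucket=bucket, Key=key, Body=data, ContentType="image/jpeg")
    # DynamoDB holds only the metadata plus the S3 key, never the photo bytes (400 KB item limit)
    table.put_item(Item={"user_id": sub, "photo_id": photo_id, "s3_key": key, "size": len(data)})
    return {"statusCode": 201, "body": json.dumps({"photo_id": photo_id})}

def list_handler(event, s3, table, bucket):
    sub = owner_sub(event)
    # Query by the caller's own partition key, so one user can never enumerate another's photos.
    res = table.query(KeyConditionExpression="user_id = :u", ExpressionAttributeValues={":u": sub})
    photos = [{"photo_id": i["photo_id"], "url": s3.generate_presigned_url(
                   "get_object", Params={"Bucket": bucket, "Key": i["s3_key"]}, ExpiresIn=300)}
              for i in res["Items"]]
    return {"statusCode": 200, "body": json.dumps(photos)}

def make_event(sub, body=None):
    # Constructed API Gateway proxy event as it arrives behind a Cognito user pool authorizer.
    return {"requestContext": {"authorizer": {"claims": {"sub": sub}}}, "body": json.dumps(body or {})}
```

Retrieval returns short-lived presigned URLs for the caller's own S3 keys, so the photo bytes never pass through Lambda or DynamoDB on the read path.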
The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.