AWS Certified Developer Associate DVA-C02 Practice Question

The developer should implement a Lambda authorizer, which is a way to handle custom authorization logic before granting access to the serverless function endpoint. The Lambda authorizer can verify the validity of the token and determine if the request should be allowed or denied. This approach is particularly useful in serverless architectures where application components are loosely coupled, and an external identity provider manages user authentication. This verification is performed within the AWS environment without making a round trip to the external identity provider. On the contrary, IAM roles are for access management within AWS services and resources, not for validating tokens directly. Resource-based policies define permissions for AWS resources, but they do not provide a method for validating bearer tokens. Client-side certificates are used for mutual TLS (mTLS) authentication but do not apply to the scenario involving verification of tokens provided by an external identity provider.