
A company operates an application in the AWS Cloud, which includes microservices running on Amazon EC2 instances across multiple Availability Zones, managed by an Application Load Balancer. Recently, a new REST API was integrated using Amazon API Gateway. Certain legacy microservices on EC2 instances require access to this new API. The company seeks to restrict public internet access to the API and prevent proprietary data from traversing the public internet. What solution should a solutions architect implement to fulfill these security requirements?
A
Establish an AWS Site-to-Site VPN between the VPC and API Gateway, and utilize API Gateway to issue a unique API Key for each microservice, configuring the API methods to enforce key authentication.
B
Deploy an interface VPC endpoint for API Gateway, configure an endpoint policy to restrict access to the specific API, and attach a resource policy to API Gateway limiting access to the VPC endpoint. Modify the API Gateway endpoint type to private.
C
Configure the API Gateway to employ IAM authentication, adjust the IAM policy associated with the EC2 instances' IAM role to permit access to the API Gateway, and relocate the API Gateway to a new VPC. Implement a transit gateway to interconnect the VPCs.
D
Set up an accelerator in AWS Global Accelerator linked to the API Gateway, update the route tables of all VPC subnets to direct traffic to the Global Accelerator endpoint IP address, and include an API key for each service for authentication purposes.