A company has developed a REST API using Amazon API Gateway's Regional endpoint to share data with six US-based partners. These partners access the API daily to submit sales figures. Post-deployment, the company notices a surge in traffic, with 1,000 requests per second from 500 distinct IP addresses globally, suspected to be from a botnet. The company aims to secure the API against this unauthorized access while minimizing costs. What strategy should the company adopt to enhance the API's security?

Exam-Like

Implement an Amazon CloudFront distribution with the API as its origin. Set up an AWS WAF web ACL to block clients exceeding five daily requests. Link the web ACL to the CloudFront distribution. Use an origin access identity (OAI) with CloudFront and configure API Gateway to restrict the POST method to only the OAI.

9.1%

Deploy an Amazon CloudFront distribution with the API as its origin. Establish an AWS WAF web ACL to block clients surpassing five daily requests. Attach the web ACL to the CloudFront distribution. Add a custom header with an API key to the CloudFront distribution and require the API key for the POST method in the API.

18.2%

Configure an AWS WAF web ACL to permit access from the six partners' IP addresses. Attach the web ACL to the API. Create a resource policy with a request limit and link it to the API. Mandate an API key for the POST method in the API.

27.3%

Set up an AWS WAF web ACL to allow access from the six partners' IP addresses. Attach the web ACL to the API. Develop a usage plan with a request limit and associate it with the API. Generate an API key and include it in the usage plan.

45.5%

AWS Certified Solutions Architect - Professional

Get started today

Comments