
Answer-first summary for fast verification
Answer: Set up an interface VPC endpoint for API Gateway, attach an endpoint policy allowing the execute-api:Invoke action, enable private DNS naming for the VPC endpoint, configure an API resource policy to allow access from the VPC endpoint, and use the API endpoint’s DNS names to access the API.
The correct answer is B. Setting up an interface VPC endpoint for API Gateway and enabling private DNS naming for the VPC endpoint ensures that the API will be accessible within the VPC using its private DNS name. Additionally, attaching an endpoint policy that permits the execute-api:Invoke action ensures that the EC2 instance has the necessary permissions to invoke the API. Configuring an API resource policy to allow access specifically from the VPC endpoint provides an additional layer of security, ensuring that only resources within the specified VPC can access the API.
Author: LeetQuiz Editorial Team
A company has successfully deployed a private REST API using Amazon API Gateway to manage sensitive data. This API is intended to be accessed exclusively by an application running within a VPC. Despite the successful deployment, the API remains inaccessible from an Amazon EC2 instance located within the same VPC. What solution should be implemented to ensure connectivity between the EC2 instance and the private API?
A. Establish an interface VPC endpoint for API Gateway, attach an endpoint policy permitting all apigateway:* actions, disable private DNS naming for the VPC endpoint, configure an API resource policy to grant access from the VPC, and utilize the VPC endpoint's DNS name to access the API.
B. Set up an interface VPC endpoint for API Gateway, attach an endpoint policy allowing the execute-api:Invoke action, enable private DNS naming for the VPC endpoint, configure an API resource policy to allow access from the VPC endpoint, and use the API endpoint’s DNS names to access the API.
C. Deploy a Network Load Balancer (NLB) and create a VPC link, configure private integration between API Gateway and the NLB, and use the API endpoint’s DNS names to access the API.
D. Create an Application Load Balancer (ALB) and a VPC Link, configure private integration between API Gateway and the ALB, and use the ALB endpoint’s DNS name to access the API.
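The endpoint policy and API resource policy named in the explanation of answer B, written out with a small audit function that tells them apart from a policy pair shaped like option A. This is an added example, not part of the original question; the endpoint ID, API ARN and function names are placeholders and assumptions.

```python
import json

# Placeholder identifiers (assumptions, not values from the page).
VPCE_ID = "vpce-EXAMPLE"
API_ARN = "arn:aws:execute-api:REGION:ACCOUNT_ID:API_ID/*"

def endpoint_policy(api_arn):
    """Policy attached to the interface VPC endpoint: invoke only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": "execute-api:Invoke", "Resource": api_arn}]}

def resource_policy(api_arn, vpce_id):
    """API resource policy: allow invoke only through the named VPC endpoint."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": "execute-api:Invoke", "Resource": api_arn,
        "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(endpoint_pol, resource_pol, vpce_id):
    """Return findings for the two policies; an empty list matches answer B."""
    findings = []
    ep_actions = [a for s in endpoint_pol["Statement"] if s["Effect"] == "Allow"
                  for a in _as_list(s["Action"])]
    if not any(a in ("execute-api:Invoke", "execute-api:*", "*") for a in ep_actions):
        findings.append("endpoint policy does not allow execute-api:Invoke")
    if any(a.startswith("apigateway:") for a in ep_actions):
        findings.append("endpoint policy lists apigateway: management actions")
    for s in resource_pol["Statement"]:
        if s["Effect"] != "Allow":
            continue
        cond = s.get("Condition", {}).get("StringEquals", {})
        if vpce_id not in _as_list(cond.get("aws:SourceVpce", [])):
            findings.append("resource policy Allow is not scoped to the VPC endpoint")
    return findings

if __name__ == "__main__":
    print(json.dumps(resource_policy(API_ARN, VPCE_ID), indent=2))
    print(audit(endpoint_policy(API_ARN), resource_policy(API_ARN, VPCE_ID), VPCE_ID))
```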