
A company is developing an API-based application on AWS using a microservices architecture within a multi-account environment, where each microservice development team has a dedicated AWS account. Each team deploys its microservice in a separate VPC with Amazon EC2 instances behind a Network Load Balancer (NLB). A network engineer must configure Amazon API Gateway in a shared services account to create an HTTP API for exposing these microservices to external applications. The solution must ensure that access to the microservices is restricted to a private network and allow the company to control which internal network entities can connect to the microservices. Additionally, the solution must support future integration of new microservices. What is the MOST secure solution that meets these requirements?
A
Create an Application Load Balancer (ALB) in a VPC in the shared services account. Configure the integration to the API Gateway API by using a VPC link. Associate the VPC link with the ALB. Create a VPC endpoint service in each microservice account. Create an AWS PrivateLink endpoint for those services in the shared services account. Add the elastic network interface IP addresses of the VPC endpoint as targets for the target group of the ALB.
B
Create an Application Load Balancer (ALB) in a VPC in the shared services account. Configure the integration to the API Gateway API by using a VPC link. Associate the VPC link with the ALB. Connect all the VPCs to each other by using a central transit gateway. Add the IP addresses of the NLB as IP-based targets in the ALB target group.
C
Configure the integration to the API Gateway API by using HTTP-based integration. Connect all the VPCs to each other by using a central transit gateway. Create a separate HTTP integration to each NLB for each microservice. Add the HTTP endpoint of the NLB as the endpoint URL in the HTTP integration.
D
Configure the integration to the API Gateway API by using VPC link integration. Connect all the VPCs to each other by using a central transit gateway. Create a separate VPC link to each NLB for each microservice. Add the HTTP endpoint of the NLB as the endpoint URL in the VPC link integration.