
Answer-first summary for fast verification
Answer: Implement API usage plans and API keys to limit the access of users who do not have a subscription.
## Explanation

**Correct Answer: D - Implement API usage plans and API keys to limit the access of users who do not have a subscription.**

**Why this is the correct answer:**

1. **API Gateway Usage Plans** are specifically designed to control access to API methods based on subscription levels. They allow you to:
   - Create different usage plans for different user tiers (free vs. premium)
   - Associate API keys with specific usage plans
   - Set throttling limits and quotas per usage plan
2. **Least Operational Overhead**: This solution leverages existing API Gateway capabilities without requiring:
   - Complex IAM policy management
   - Additional security services like WAF
   - Application code changes for authorization logic
3. **Integration with Cognito**: API Gateway can work with Cognito user pools for authentication, and then use usage plans to control access based on subscription status.

**Analysis of other options:**

**A. Enable API caching and throttling on the API Gateway API.**
- ❌ This only improves performance and rate limiting, not authorization based on subscription status.

**B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.**
- ❌ AWS WAF is designed for web application security (SQL injection, XSS, etc.), not for subscription-based authorization. It would be complex and inappropriate for this use case.

**C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.**
- ❌ While possible, this would require complex IAM policy management and would need to integrate with Cognito user attributes. It has higher operational overhead than API Gateway usage plans.

**Key AWS Services Involved:**
- **Amazon API Gateway**: Provides usage plans and API keys for subscription management
- **Amazon Cognito**: Handles user authentication
- **AWS Lambda**: Business logic execution
- **Amazon DynamoDB**: Data storage

**Implementation Approach:**
1. Create two usage plans in API Gateway: "Free" and "Premium"
2. Associate API keys with users based on their subscription status
3. Configure API methods to require API keys
4. Set appropriate throttling limits for each usage plan
5. Update the application to distribute API keys to authenticated users based on their subscription tier
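As an added worked example (not the page's own material), the implementation approach above expressed as a CloudFormation fragment: a premium method that requires an API key on top of the Cognito authorizer, "Premium" and "Free" usage plans on the `prod` stage, and a subscriber key bound to the Premium plan. It assumes `RestApi`, `PremiumResource` (at path `/premium`), `CognitoAuthorizer`, `PremiumLambdaUri` and the deployed `prod` stage are defined elsewhere in the same template; the Free plan's method-level throttle of 0 on the premium route is how keys in that plan are kept away from premium content.

```yaml
Resources:
  # Premium route: Cognito authenticates; the subscriber's API key gates access.
  PremiumMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApi
      ResourceId: !Ref PremiumResource
      HttpMethod: GET
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref CognitoAuthorizer
      ApiKeyRequired: true              # no key, or key in no plan -> 403
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Ref PremiumLambdaUri
  PremiumUsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      UsagePlanName: Premium
      ApiStages:
        - ApiId: !Ref RestApi
          Stage: prod
      Throttle: { RateLimit: 100, BurstLimit: 200 }   # requests per second
      Quota: { Limit: 100000, Period: MONTH }
  FreeUsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      UsagePlanName: Free
      ApiStages:
        - ApiId: !Ref RestApi
          Stage: prod
          Throttle:
            "/premium/GET":             # method-level override for free keys:
              RateLimit: 0              # zero budget, every call is throttled
              BurstLimit: 0
      Throttle: { RateLimit: 10, BurstLimit: 20 }
      Quota: { Limit: 1000, Period: DAY }
  # One key per subscriber, created when the subscription is activated.
  SubscriberKey:
    Type: AWS::ApiGateway::ApiKey
    Properties:
      Name: subscriber-example-key      # constructed placeholder
      Enabled: true
  SubscriberKeyBinding:
    Type: AWS::ApiGateway::UsagePlanKey
    Properties:
      KeyId: !Ref SubscriberKey
      KeyType: API_KEY
      UsagePlanId: !Ref PremiumUsagePlan
```

Calls to the premium method with no key, or with a key not bound to a plan that covers the stage, are rejected by API Gateway before they reach the Lambda function, so the business logic never sees unauthorized premium requests.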
Author: LeetQuiz Editorial Team
A company's web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content.
Which solution will meet this requirement with the LEAST operational overhead?
A. Enable API caching and throttling on the API Gateway API.
B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.
C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.
D. Implement API usage plans and API keys to limit the access of users who do not have a subscription.