AWS Certified Solutions Architect - Associate

Ultimate access to all questions.

Explanation:

Explanation

Correct Answer: D - Implement API usage plans and API keys to limit the access of users who do not have a subscription.

Why this is the correct answer:

API Gateway Usage Plans are specifically designed to control access to API methods based on subscription levels. They allow you to:
- Create different usage plans for different user tiers (free vs. premium)
- Associate API keys with specific usage plans
- Set throttling limits and quotas per usage plan
Least Operational Overhead: This solution leverages existing API Gateway capabilities without requiring:
- Complex IAM policy management
- Additional security services like WAF
- Application code changes for authorization logic
Integration with Cognito: API Gateway can work with Cognito user pools for authentication, and then use usage plans to control access based on subscription status.

Analysis of other options:

A. Enable API caching and throttling on the API Gateway API.

❌ This only improves performance and rate limiting, not authorization based on subscription status.

B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.

❌ AWS WAF is designed for web application security (SQL injection, XSS, etc.), not for subscription-based authorization. It would be complex and inappropriate for this use case.

C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.

❌ While possible, this would require complex IAM policy management and would need to integrate with Cognito user attributes. It has higher operational overhead than API Gateway usage plans.

Key AWS Services Involved:

Amazon API Gateway: Provides usage plans and API keys for subscription management
Amazon Cognito: Handles user authentication
AWS Lambda: Business logic execution
Amazon DynamoDB: Data storage

Implementation Approach:

Create two usage plans in API Gateway: "Free" and "Premium"
Associate API keys with users based on their subscription status
Configure API methods to require API keys
Set appropriate throttling limits for each usage plan
Update application to distribute API keys to authenticated users based on their subscription tier

Explanation:

Correct Answer: D - Implement API usage plans and API keys to limit the access of users who do not have a subscription.

Why this is the correct answer:

API Gateway Usage Plans are specifically designed to control access to API methods based on subscription levels. They allow you to:
- Create different usage plans for different user tiers (free vs. premium)
- Associate API keys with specific usage plans
- Set throttling limits and quotas per usage plan
Least Operational Overhead: This solution leverages existing API Gateway capabilities without requiring:
- Complex IAM policy management
- Additional security services like WAF
- Application code changes for authorization logic
Integration with Cognito: API Gateway can work with Cognito user pools for authentication, and then use usage plans to control access based on subscription status.

Analysis of other options:

A. Enable API caching and throttling on the API Gateway API.

❌ This only improves performance and rate limiting, not authorization based on subscription status.

B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.

❌ AWS WAF is designed for web application security (SQL injection, XSS, etc.), not for subscription-based authorization. It would be complex and inappropriate for this use case.

C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.

❌ While possible, this would require complex IAM policy management and would need to integrate with Cognito user attributes. It has higher operational overhead than API Gateway usage plans.

Key AWS Services Involved:

Amazon API Gateway: Provides usage plans and API keys for subscription management
Amazon Cognito: Handles user authentication
AWS Lambda: Business logic execution
Amazon DynamoDB: Data storage

Implementation Approach:

Create two usage plans in API Gateway: "Free" and "Premium"
Associate API keys with users based on their subscription status
Configure API methods to require API keys
Set appropriate throttling limits for each usage plan
Update application to distribute API keys to authenticated users based on their subscription tier

No comments yet.

Other

Community

UAnonymous

Last updated: May 5, 2026 at 14:02

Enable API caching and throttling on the API Gateway API.

0.0%

Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.

25.0%