Answer-first summary for fast verification
Answer: Design a REST API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a private VPC link for API Gateway to access Amazon ECS.
## Explanation **Correct Answer: B** **Why Option B is correct:** 1. **REST API requirement**: The question explicitly states that the company "must use REST APIs to present the frontend of the application to users." Option B correctly uses a REST API with Amazon API Gateway. 2. **Private subnet hosting**: The backend services are hosted in containers in private VPC subnets, which is correctly implemented using Amazon ECS in a private subnet. 3. **Private VPC link**: To allow API Gateway to access services in private subnets, a VPC link (also called VPC endpoint) is required. This establishes a private connection between API Gateway and the VPC without exposing the backend services to the internet. **Why other options are incorrect:** - **Option A**: Uses WebSocket API instead of REST API, which violates the requirement for REST APIs. - **Option C**: Uses WebSocket API instead of REST API, and security groups alone cannot enable API Gateway to access private subnets. Security groups control traffic at the instance level, but API Gateway needs a VPC link to reach private subnets. - **Option D**: Uses REST API correctly, but security groups cannot enable API Gateway to access private subnets. API Gateway operates outside the VPC and needs a VPC link to establish connectivity to resources in private subnets. **Key AWS Concepts:** - **API Gateway VPC Link**: Enables API Gateway to securely access resources in a VPC without exposing them to the internet. - **Private Subnets**: Subnets without internet gateways, requiring private connectivity solutions like VPC links for external services to access them. - **Security Groups vs VPC Links**: Security groups control traffic at the instance/container level, while VPC links provide the network-level connectivity between API Gateway and the VPC.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company is developing a microservices application that will provide a search catalog for customers. The company must use REST APIs to present the frontend of the application to users. The REST APIs must access the backend services that the company hosts in containers in private VPC subnets.
Which solution will meet these requirements?
A
Design a WebSocket API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a private VPC link for API Gateway to access Amazon ECS.
B
Design a REST API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a private VPC link for API Gateway to access Amazon ECS.
C
Design a WebSocket API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a security group for API Gateway to access Amazon ECS.
D
Design a REST API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a security group for API Gateway to access Amazon ECS.