Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 251 discussion

Ans is Opt D, A usage plan provides select customers with specific access permissions and request quotas, which helps manage and restrict usage to prevent overuse of resources. API keys are used for tracking and controlling how the API is used. This additional layer of security ensures that only those with the key can access the API. Why not Opt C, Amazon API Gateway doesn't support request limiting through resource policies. You can set permissions on who can access your API using a resource policy, but rate limiting isn't handled by resource policies. API keys alone do not provide throttling or rate limiting. For throttling, you typically would need to use them along with usage plans

Answer D https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html

c ANS C. WAF with IP Filtering and Resource Policy: Pros: Simple and cost-effective solution. WAF rules and resource policy restrict access. Cons: IP filtering might not be effective if partners use dynamic IP addresses. Resource policy request limit applies to all methods, not just POST.

Option D

def answ D as described here https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html

Correct D.

D fits

Amazon API Gateway resource policies are JSON policy documents that you attach to an API to control whether a specified principal (typically an IAM role or group) can invoke the API. You can use API Gateway resource policies to allow your API to be securely invoked by: Users from a specified AWS account. Specified source IP address ranges or CIDR blocks. Specified virtual private clouds (VPCs) or VPC endpoints (in any account).

It's D. The IP filtering is done with the WAF ACL so there is no need to do another IP filtering by using resource policies which can do exactly that. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html

d-d-d-d-d-d

D is classic use of "usage plan" in API Gateway addicionally more apropiate practice is API Key for autentication or other methos

I vote for D since I couldn't find a way to set up a request limit in resource policy https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html

Option C provides a cost-effective approach to securing the API while allowing access only to the IP addresses used by the six partners. By creating an AWS WAF web ACL and configuring it to allow access only to the IP addresses of the trusted partners, the company can effectively block requests originating from unauthorized sources. Associating the web ACL with the API ensures that the filtering rules are applied to the API traffic. Additionally, creating a resource policy with a request limit allows the company to set a maximum limit on the number of requests that can be made to the API within a given time frame. This helps mitigate the impact of potential botnet traffic, ensuring that the API is not overwhelmed with excessive requests. Requiring an API key on the POST method adds an extra layer of security by enforcing authentication for accessing the API. This ensures that only authorized partners with valid API keys can successfully make requests to the API.

GPT 4.0: AWS WAF is a web application firewall that lets you monitor HTTP and HTTPS requests that are forwarded to Amazon API Gateway. The solution architect can create a WAF rule that allows access only from the IP addresses of the six partners. A usage plan in API Gateway provides throttling and quota limits to manage the rate of requests from your customers and prevent attacks. Setting a request limit that matches the expected usage of the partners would help to protect the API.