A company has deployed a new REST API by using Amazon API Gateway. The company uses the API to access confidential data. The API must be accessed from only specific VPCs in the company.
Which solution will meet these requirements?
A. Create and attach a resource policy to the API Gateway API. Configure the resource policy to allow only the specific VPC IDs.
B. Add a security group to the API Gateway API. Configure the inbound rules to allow only the specific VPC IP address ranges.
C. Create and attach an IAM role to the API Gateway API. Configure the IAM role to allow only the specific VPC IDs.
D. Add an ACL to the API Gateway API. Configure the outbound rules to allow only the specific VPC IP address ranges.
Amazon API Gateway supports resource policies, which allow you to control who can access your API based on the source IP address, VPC ID, or even specific IP address ranges.
In this case, to restrict access to the API from only specific VPCs, you would create and attach a resource policy to the API Gateway. The resource policy allows you to specify which VPCs (via their VPC IDs) can access the API, ensuring that the API can only be accessed from the designated VPCs.
The resource policy is the most efficient and appropriate method for achieving this in API Gateway.
Explanation:
API Gateway supports resource policies, which can restrict access based on specific conditions, such as VPC IDs or IP ranges. You can attach a resource policy to the API Gateway that allows access only from specific VPCs. This is the most direct and secure way to meet the requirement of allowing access only from specific VPCs.
Srikantha, 4 weeks, 1 day ago
CHRIS12722222, 4 months, 1 week ago
Ky_24, 4 months, 2 weeks ago
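The resource policy from option A, as an added example that is not part of the original page: the script builds an allow-then-deny policy keyed on `aws:SourceVpc` and checks it against constructed request contexts. The VPC IDs are constructed, and `condition_matches` and `is_allowed` are a simplified model of IAM evaluation (only `StringNotEquals`, explicit deny wins), not AWS's engine.

```python
import json

# Constructed VPC IDs for illustration; substitute the real ones.
ALLOWED_VPCS = ["vpc-0123456789abcdef0", "vpc-0fedcba9876543210"]

def build_policy(allowed_vpc_ids):
    """Allow invoke for everyone, then deny any request whose source VPC is not listed."""
    invoke = {"Principal": "*", "Action": "execute-api:Invoke",
              "Resource": "execute-api:/*"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", **invoke},
            {"Effect": "Deny", **invoke,
             "Condition": {"StringNotEquals":
                           {"aws:SourceVpc": sorted(allowed_vpc_ids)}}},
        ],
    }

def condition_matches(condition, context):
    """Simplified StringNotEquals: true when the key is absent from the
    request context or its value equals none of the listed values."""
    for key, values in condition.get("StringNotEquals", {}).items():
        values = [values] if isinstance(values, str) else values
        if context.get(key) in values:
            return False
    return True

def is_allowed(policy, context):
    """Explicit Deny overrides Allow; no matching Allow is an implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if condition_matches(stmt.get("Condition", {}), context):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    policy = build_policy(ALLOWED_VPCS)
    print(json.dumps(policy, indent=2))  # JSON to attach as the API's resource policy
    for ctx in ({"aws:SourceVpc": ALLOWED_VPCS[0]},         # listed VPC
                {"aws:SourceVpc": "vpc-0aaaaaaaaaaaaaaaa"},  # unlisted VPC
                {}):                                         # no VPC context at all
        print(ctx, "->", "allow" if is_allowed(policy, ctx) else "deny")
```

`aws:SourceVpc` is only present when the request reaches API Gateway through a VPC endpoint, so the deny statement also blocks callers that arrive with no VPC context.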