A company is developing an application in AWS. The application's HTTP API is published in Amazon API Gateway and contains critical information that must be accessible only from a limited set of trusted IP addresses from the company's internal network. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a resource policy for the API that denies access to any IP address that is not specifically allowed..
Why this is the answer
A resource policy for API Gateway allows you to control who can access your API and from where. By creating a resource policy that explicitly denies access to all IP addresses except for a specified list of trusted IPs, you effectively restrict access to only your company's internal network. Incorrect options: API Gateway private integration is used for integrating with private resources within a VPC, not for restricting public API access based on source IP. Deploying the API in a private subnet and using network ACLs would be relevant if the API was hosted on EC2 instances, but API Gateway is a managed service and doesn't directly reside in your private subnet in this manner. API Gateway does not have security groups directly attached to it that you can modify for IP-based access control. Security groups are typically associated with EC2 instances or ENIs within a VPC.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed