A global company uses Amazon API Gateway to provide REST APIs for loyalty users in the us-east-1 and ap-southeast-2 Regions. A solutions architect must protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks with the LEAST administrative effort. Which solution should the architect use?
Choose an answer
Tap an option to check your answer.
Correct answer: Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules..
Why this is the answer
The correct solution is to set up AWS Firewall Manager in both Regions and centrally configure AWS WAF rules because Firewall Manager allows for centralized management of AWS WAF rules across multiple accounts and regions with minimal administrative effort. This directly addresses the requirement for protecting APIs across multiple accounts and regions from SQL injection and cross-site scripting attacks. Setting up AWS WAF in both Regions and associating regional web ACLs with an API stage would work but requires more administrative effort to manage WAF rules individually across accounts and regions. AWS Shield (Standard or Advanced) primarily provides DDoS protection and does not inherently protect against SQL injection or cross-site scripting attacks, making it unsuitable for this specific requirement. Setting up AWS Shield in only one region would also leave the other region unprotected.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed