Topic 1 Question 233
Select two.
A company groups its AWS accounts in OUs in an organization in AWS Organizations. The company has deployed a set of Amazon API Gateway APIs in one of the Organizations accounts. The APIs are bound to the account's VPC and have no existing authentication mechanism. Only principals in a specific OU can have permissions to invoke the APIs.
The company applies the following policy to the API Gateway interface VPC endpoint:
The company also updates the API Gateway resource policies to deny invocations that do not come through the interface VPC endpoint. After the updates, the following error message appears during attempts to use the interface VPC endpoint URL to invoke an API: "User: anonymous is not authorized."
Which combination of steps will solve this problem?
A. Enable IAM authentication on all API methods by setting AWS JAM as the authorization method.
B. Create a token-based AWS Lambda authorizer that passes the caller's identity in a bearer token.
C. Create a request parameter-based AWS Lambda authorizer that passes the caller's identity in a combination of headers, query string parameters, stage variables, and $context variables.
D. Use Amazon Cognito user pools as the authorizer to control access to the API.
E. Verify the identity of the requester by using Signature Version 4 to sign client requests by using AWS credentials.
Comments (8)
- Answer I think is correct: AE
Hope it is a typo in Option A: AWS JAM = AWS IAM
Option A. Enable IAM authentication on all API methods by setting AWS IAM as the authorization method.
- This ensures that all requests to the API must be authenticated using IAM credentials, directly addressing the anonymous access issue.
Option E. Verify the identity of the requester by using Signature Version 4 to sign client requests by using AWS credentials.
- By using AWS Signature Version 4, requests are authenticated, ensuring they are authorized according to IAM policies linked to the specific Organizational Unit.
👍 5 jamesf 2024/07/30
- Answer I think is correct: AE
JAM = IAM
👍 4 d9iceguy 2024/07/22
- Answer I think is correct: AE
You can enable IAM authorization for HTTP API routes. When IAM authorization is enabled, clients must use Signature Version 4 (SigV4) to sign their requests with AWS credentials. API Gateway invokes your API route only if the client has execute-api permission for the route.
👍 4 GripZA 2024/08/19