Topic 1 Question 159
A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets.
Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)
A. Create a usage plan with an API key that is shared with genuine users only.
B. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
User votes
Comments (17)
A and C
👍 3 · Nigma · 2022/11/15

Only answer C is an obvious choice. B and D are clearly not right, and A is the only remotely viable other answer, but even then the documentation on API keys and usage quotas states not to rely on it to block API requests:
"Usage plan throttling and quotas are not hard limits, and are applied on a best-effort basis. In some cases, clients can exceed the quotas that you set. Don't rely on usage plan quotas or throttling to control costs or block access to an API. Consider using AWS Budgets to monitor costs and AWS WAF to manage API requests."
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
👍 3 · 5up3rm4n · 2022/11/25

I do not agree with A, as it mentioned the application is publicly accessible: "A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda." If this is public, how can we ensure that a user is genuine?
I will go with C and D.
👍 3 · SoluAWS · 2022/12/26
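Option C in deployable form, as an added example that is not part of the exam page or of any commenter's post: a CloudFormation template that puts an AWS WAF web ACL in front of an API Gateway REST API stage. It blocks any source IP that exceeds a request rate, blocks a hand-maintained IP set, and runs the AWS Bot Control managed rule group. The parameters RestApiId and StageName, the placeholder range 192.0.2.0/24 (a documentation-only network), and the limit of 1000 requests per five minutes are assumptions chosen for illustration, not values from the page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example (not from the original page) - WAF in front of an API Gateway REST API stage

Parameters:
  RestApiId:          # assumption: the existing REST API's ID, e.g. a1b2c3d4e5
    Type: String
  StageName:          # assumption: the deployed stage to protect, e.g. prod
    Type: String

Resources:
  # Operator-curated IPs to drop outright; 192.0.2.0/24 is a placeholder.
  BadIpSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: api-known-bad-ips
      Scope: REGIONAL               # API Gateway is a regional resource
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.0/24

  ApiWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: api-bot-protection
      Scope: REGIONAL
      DefaultAction:
        Allow: {}                   # allow unless a rule below matches
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ApiWebAcl
      Rules:
        # 1. Rate-based rule: any single IP above the limit in a trailing
        #    5-minute window is blocked until it drops back under it.
        - Name: RateLimitPerIp
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 1000           # assumption; minimum allowed is 100
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: RateLimitPerIp
        # 2. Static blocklist referenced from the IP set above.
        - Name: BlockKnownBadIps
          Priority: 1
          Action:
            Block: {}
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt BadIpSet.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: BlockKnownBadIps
        # 3. AWS-managed Bot Control rule group (separately billed); the
        #    group's own rule actions apply because OverrideAction is None.
        - Name: BotControl
          Priority: 2
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesBotControlRuleSet
              ManagedRuleGroupConfigs:
                - AWSManagedRulesBotControlRuleSet:
                    InspectionLevel: COMMON
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: BotControl

  # Attach the web ACL to the stage; this is what makes WAF evaluate
  # requests before API Gateway invokes the Lambda integration.
  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Sub "arn:aws:apigateway:${AWS::Region}::/restapis/${RestApiId}/stages/${StageName}"
      WebACLArn: !GetAtt ApiWebAcl.Arn
```

Deploy with `aws cloudformation deploy --template-file waf.yaml --stack-name api-waf --parameter-overrides RestApiId=... StageName=...` in the API's own region. Two practitioner caveats: a web ACL can be associated only with REST API stages (HTTP APIs cannot be fronted by WAF directly; put them behind CloudFront and attach a CLOUDFRONT-scoped ACL instead), and the rate-based rule counts per source IP, so a botnet spread across many addresses is caught by Bot Control or the blocklist rather than by the rate limit. None of this replaces a usage plan for quota accounting; it is the enforcement point the usage-plan documentation quoted above points to.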