Topic 1 Question 251
A company is creating a REST API to share information with six of its partners based in the United States. The company has created an Amazon API Gateway Regional endpoint. Each of the six partners will access the API once per day to post daily sales figures.
After initial deployment, the company observes 1,000 requests per second originating from 500 different IP addresses around the world. The company believes this traffic is originating from a botnet and wants to secure its API while minimizing cost.
Which approach should the company take to secure its API?
A. Create an Amazon CloudFront distribution with the API as the origin. Create an AWS WAF web ACL with a rule to block clients that submit more than five requests per day. Associate the web ACL with the CloudFront distribution. Configure CloudFront with an origin access identity (OAI) and associate it with the distribution. Configure API Gateway to ensure only the OAI can run the POST method.
B. Create an Amazon CloudFront distribution with the API as the origin. Create an AWS WAF web ACL with a rule to block clients that submit more than five requests per day. Associate the web ACL with the CloudFront distribution. Add a custom header to the CloudFront distribution populated with an API key. Configure the API to require an API key on the POST method.
C. Create an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners. Associate the web ACL with the API. Create a resource policy with a request limit and associate it with the API. Configure the API to require an API key on the POST method.
D. Create an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners. Associate the web ACL with the API. Create a usage plan with a request limit and associate it with the API. Create an API key and add it to the usage plan.
Comments (13)
- Selected answer: D
Ans is Opt D. A usage plan provides select customers with specific access permissions and request quotas, which helps manage and restrict usage to prevent overuse of resources. API keys are used for tracking and controlling how the API is used. This additional layer of security ensures that only those with the key can access the API. Why not Opt C? Amazon API Gateway doesn't support request limiting through resource policies. You can set permissions on who can access your API using a resource policy, but rate limiting isn't handled by resource policies. API keys alone do not provide throttling or rate limiting. For throttling, you typically would need to use them along with usage plans.
👍 6 shree2023 2023/06/23
- Selected answer: D
I vote for D since I couldn't find a way to set up a request limit in resource policy https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html
👍 2 Maria2023 2023/06/24
- Selected answer: D
D is the classic use of a "usage plan" in API Gateway; additionally, the more appropriate practice is an API key for authentication or other methods.
👍 2 SkyZeroZx 2023/06/25
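An added example, not part of the question or of any commenter's post: an offline audit that checks whether a deployment has the three controls option D combines (API key required on POST, a usage plan with throttle and quota on the stage, and a WAF web ACL that blocks by default and allows only an IP set). The function name `audit_api`, the IDs, the ARN placeholder and the limit values are assumptions; the dicts are constructed to mirror the shape of boto3 responses from `get_method`, `get_usage_plans` and `get_web_acl`.

```python
# Added example: offline audit of an "option D" setup. The dicts mirror the
# shape of boto3 responses (apigateway get_method / get_usage_plans, wafv2
# get_web_acl); every value below is constructed for illustration.

def audit_api(method, usage_plans, web_acl, api_id, stage):
    """Return a list of findings; an empty list means the posture matches D."""
    findings = []

    # 1. The POST method must demand an API key; otherwise the usage plan's
    #    limits are not enforced on it.
    if not method.get("apiKeyRequired"):
        findings.append("POST method does not require an API key")

    # 2. A usage plan must cover this stage and carry both throttle and quota.
    plans = [p for p in usage_plans
             if any(s.get("apiId") == api_id and s.get("stage") == stage
                    for s in p.get("apiStages", []))]
    if not plans:
        findings.append("no usage plan is attached to the stage")
    for p in plans:
        for limit in ("throttle", "quota"):
            if limit not in p:
                findings.append(f"usage plan {p['name']} has no {limit}")

    # 3. WAF must block by default and allow only through an IP set rule.
    if "Block" not in web_acl.get("DefaultAction", {}):
        findings.append("web ACL default action is not Block")
    allow_by_ip = [r for r in web_acl.get("Rules", [])
                   if "Allow" in r.get("Action", {})
                   and "IPSetReferenceStatement" in r.get("Statement", {})]
    if not allow_by_ip:
        findings.append("web ACL has no IP-set allow rule for the partners")
    return findings


# Constructed sample configuration (placeholder IDs and ARN, assumed limits).
API_ID, STAGE = "abc123example", "prod"
METHOD = {"httpMethod": "POST", "apiKeyRequired": True}
PLANS = [{"name": "partners", "apiStages": [{"apiId": API_ID, "stage": STAGE}],
          "throttle": {"rateLimit": 1.0, "burstLimit": 2},
          "quota": {"limit": 5, "period": "DAY"}}]
WEB_ACL = {"DefaultAction": {"Block": {}},
           "Rules": [{"Name": "allow-partners", "Priority": 0,
                      "Action": {"Allow": {}},
                      "Statement": {"IPSetReferenceStatement":
                                    {"ARN": "arn:aws:wafv2:EXAMPLE-PLACEHOLDER"}}}]}

if __name__ == "__main__":
    print(audit_api(METHOD, PLANS, WEB_ACL, API_ID, STAGE) or "posture matches option D")
```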