AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 215
A company is developing an API-based application on AWS for its process workflow requirements. The API will be invoked by clients in the company’s on-premises data centers. The company has set up an AWS Direct Connect connection between on premises and AWS. A network engineer decides to implement the API as a private REST API in Amazon API Gateway. The network engineer wants to ensure that clients can reach the API endpoint through private communication.
Which solution can the network engineer use to invoke the API without any additional infrastructure setup?
Answer options
- A. Create an interface VPC endpoint for API Gateway with private DNS names enabled. Access the API by using the private DNS name of the endpoint.
- B. Create an interface VPC endpoint for API Gateway with private DNS names enabled. Access the API by using an Amazon Route 53 alias of the endpoint.
- C. Create an interface VPC endpoint for API Gateway. Associate the endpoint with the private REST API. Access the API by using an Amazon Route 53 alias of the endpoint.
- D. Create an interface VPC endpoint for API Gateway with private DNS names enabled. Access the API by using the public DNS name of the endpoint.
Correct answer: D
Explanation
The correct answer is D because using the public DNS name allows clients to access the API without additional infrastructure setup. Options A and B are incorrect as they rely on private DNS names, which would not be accessible from the on-premises location in this case. Option C is also incorrect since it requires using an Amazon Route 53 alias, which is not necessary for direct access via the public DNS name.