AWS Certified Developer – Associate — Question 254

A company that manages movie reviews wants to make its movie review data available to its customers by calling a set of REST web service endpoints. The company will develop the retrieval functionality as AWS Lambda functions and will expose the functionality to customers as an Amazon API Gateway REST API.

The company needs to ensure that no consumer exceeds 100 requests a day to the API during the initial deployment. The company decides to use API Gateway API keys to restrict access. The company creates and issues API keys for each customer.

What should the company do next to meet these requirements with the LEAST administrative effort?

Answer options

• A. Create a usage plan that applies throttling at 100 requests a day. Associate the usage plan with the API keys of all customers.
• B. Create an Amazon DynamoDB table to track all the requests that use a particular API key. For each request to the API, count the number of records in the DynamoDB table for that day for the API key. If the number of requests is 100 or greater, generate an exception.
• C. Create a usage plan that applies a quota of 100 requests a day. Associate the usage plan with the API keys of all customers.
• D. Create an Amazon Aurora table to track all the requests that use a particular API key. For each request to the API, count the number of records in the Aurora table for that day for the API key. If the number of requests is 100 or greater, generate an exception.

Correct answer: C

Explanation

The correct answer is C because creating a usage plan with a quota of 100 requests per day is the simplest and most efficient method to limit access without extensive tracking or additional infrastructure. Options A and B involve unnecessary complexity, while D also adds complexity by using a database that is not needed for this straightforward request limiting.