AWS Certified Security – Specialty (SCS-C03) — Question 13

A company uses Amazon API Gateway to present REST APIs to users. An API developer wants to analyze API access patterns without the need to parse the log files.
Which combination of steps will meet these requirements with the LEAST effort? (Choose two.)

Answer options

• A. Configure access logging for the required API stage.
• B. Configure an AWS CloudTrail trail destination for API Gateway events. Configure filters on the userIdentity, userAgent, and sourceIPAddress fields.
• C. Configure an Amazon S3 destination for API Gateway logs. Run Amazon Athena queries to analyze API access information.
• D. Use Amazon CloudWatch Logs Insights to analyze API access information.
• E. Select the Enable Detailed CloudWatch Metrics option on the required API stage.

Correct answer: A, D

Explanation

The correct answers are A and D. Configuring access logging (A) allows for straightforward logging of API calls, while using Amazon CloudWatch Logs Insights (D) enables easy querying and analysis of those logs without additional overhead. The other options involve more complex configurations or additional services that require more effort to set up and manage.