AWS Certified Solutions Architect – Associate (SAA-C03) — Question 157
A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application’s traffic recently spiked due to fraudulent requests from botnets.
Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)
Answer options
- A. Create a usage plan with an API key that is shared with genuine users only.
- B. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
- C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
- D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
- E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
Correct answer: A, C
Explanation
Creating a usage plan with an API key (Option A) helps ensure that only verified users can access the API, effectively blocking unauthorized requests. Implementing an AWS WAF rule (Option C) can automatically filter out malicious traffic before it reaches the API, providing an additional layer of protection. The other options, such as converting the public API to a private API or adding IP-filtering logic inside the Lambda function, are less effective at managing unauthorized access than these two solutions.