AWS Certified Solutions Architect – Associate (SAA-C03) — Question 347
A company uses Amazon API Gateway to run a private gateway with two REST APIs in the same VPC. The BuyStock RESTful web service calls the CheckFunds RESTful web service to ensure that enough funds are available before a stock can be purchased. The company has noticed in the VPC flow logs that the BuyStock RESTful web service calls the CheckFunds RESTful web service over the internet instead of through the VPC. A solutions architect must implement a solution so that the APIs communicate through the VPC.
Which solution will meet these requirements with the FEWEST changes to the code?
Answer options
- A. Add an X-API-Key header in the HTTP header for authorization.
- B. Use an interface endpoint.
- C. Use a gateway endpoint.
- D. Add an Amazon Simple Queue Service (Amazon SQS) queue between the two REST APIs.
Correct answer: B
Explanation
To allow private REST APIs in Amazon API Gateway to communicate securely within a VPC without traversing the public internet, an interface VPC endpoint (powered by AWS PrivateLink) must be used. Gateway endpoints are only available for Amazon S3 and DynamoDB, making them inapplicable here. An X-API-Key header concerns authorization and does not change the network path the call takes. Using an interface endpoint achieves private routing with minimal configuration, whereas adding an SQS queue would require significant application code changes.