AWS Certified Solutions Architect – Associate (SAA-C03) — Question 358

A company’s web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content.

Which solution will meet this requirement with the LEAST operational overhead?

Answer options

• A. Enable API caching and throttling on the API Gateway API.
• B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.
• C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.
• D. Implement API usage plans and API keys to limit the access of users who do not have a subscription.

Correct answer: D

Explanation

Amazon API Gateway usage plans and API keys allow developers to easily restrict API access to specific customer tiers, such as subscribers, with minimal configuration and overhead. AWS WAF is not designed to handle user subscription levels, and fine-grained IAM permissions for DynamoDB would be overly complex to manage for individual end-users. API caching and throttling are performance and rate-limiting features, not access control mechanisms for subscription management.