AWS Certified Solutions Architect – Associate (SAA-C03) — Question 452

A company is developing a microservices application that will provide a search catalog for customers. The company must use REST APIs to present the frontend of the application to users. The REST APIs must access the backend services that the company hosts in containers in private VPC subnets.

Which solution will meet these requirements?

Answer options

• A. Design a WebSocket API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a private VPC link for API Gateway to access Amazon ECS.
• B. Design a REST API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a private VPC link for API Gateway to access Amazon ECS.
• C. Design a WebSocket API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a security group for API Gateway to access Amazon ECS.
• D. Design a REST API by using Amazon API Gateway. Host the application in Amazon Elastic Container Service (Amazon ECS) in a private subnet. Create a security group for API Gateway to access Amazon ECS.

Correct answer: B

Explanation

The scenario specifies a requirement for REST APIs, which rules out the WebSocket API options (A and C). To connect a public Amazon API Gateway to backend services hosted in private VPC subnets, a private VPC link must be configured. Utilizing only security groups is insufficient because API Gateway is a managed service that cannot be placed directly into a security group without this VPC integration, making Option B the correct solution.