AWS Certified Solutions Architect – Associate (SAA-C03) — Question 522

A company has a workload in an AWS Region. Customers connect to and access the workload by using an Amazon API Gateway REST API. The company uses Amazon Route 53 as its DNS provider. The company wants to provide individual and secure URLs for all customers.

Which combination of steps will meet these requirements with the MOST operational efficiency? (Choose three.)

Answer options

• A. Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint.
• B. Request a wildcard certificate that matches the domains in AWS Certificate Manager (ACM) in a different Region.
• C. Create hosted zones for each customer as required in Route 53. Create zone records that point to the API Gateway endpoint.
• D. Request a wildcard certificate that matches the custom domain name in AWS Certificate Manager (ACM) in the same Region.
• E. Create multiple API endpoints for each customer in API Gateway.
• F. Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM).

Correct answer: A, D, F

Explanation

To efficiently provide unique, secure URLs for multiple customers using Amazon API Gateway, a wildcard custom domain name should be registered and configured in a Route 53 hosted zone pointing to API Gateway (A). This requires a matching wildcard SSL/TLS certificate from AWS Certificate Manager (ACM) in the same Region where the regional API Gateway endpoint resides (D). Finally, configuring the custom domain name in API Gateway and associating it with the ACM certificate (F) enables secure HTTPS connections for all customer subdomains without the administrative overhead of managing separate endpoints or individual hosted zones for each customer.