AWS Certified Solutions Architect – Professional (SAP-C02) — Question 350

A company is using Amazon API Gateway to deploy a private REST API that will provide access to sensitive data. The API must be accessible only from an application that is deployed in a VPC. The company deploys the API successfully. However, the API is not accessible from an Amazon EC2 instance that is deployed in the VPC.

Which solution will provide connectivity between the EC2 instance and the API?

Answer options

Correct answer: B

Explanation

To access a private REST API in Amazon API Gateway from a VPC, you must create an interface VPC endpoint for the execute-api service in that VPC and enable private DNS names on the endpoint, so that the API's standard API Gateway hostname resolves to the endpoint's private IP addresses. In addition, the endpoint policy must permit the 'execute-api:Invoke' action, and the API's resource policy must allow invocations that arrive through that specific VPC endpoint (the endpoint ID is the condition the resource policy evaluates). Using VPC links with load balancers is incorrect because a VPC link carries downstream integration traffic from API Gateway to backend services inside a VPC; it does not provide client access to the API itself.