Which steps should a solutions architect take to block requests from unauthorized users?
(Choose two.)
Create a usage plan with an API key that is shared with genuine users only.
Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
Explanations:
Creating a usage plan with an API key allows only authorized users who possess the key to access the API. This helps control access and monitor usage, reducing the impact of botnets.
Integrating logic within the Lambda function to ignore requests from fraudulent IP addresses is not a scalable solution. It could also lead to wasted compute resources, as Lambda functions would still be invoked, increasing costs and latency.
Implementing an AWS WAF (Web Application Firewall) rule allows you to filter out malicious requests before they reach the API Gateway. This is a proactive way to block known bad actors and mitigate threats effectively.
Converting the public API to a private API may not be practical, as it could hinder legitimate users who need access. Additionally, it requires significant changes to the application architecture and user access methods.
Creating an IAM role for each user is overly complex and impractical for a publicly accessible API. It complicates access management and does not effectively prevent unauthorized access by bots or malicious users.
If I had to guess, I’d say the answer is:
Create a usage plan with an API key that is shared with genuine users only.