Which combination of steps will meet these requirements with the MOST operational efficiency?
(Choose three.)
Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint.
Request a wildcard certificate that matches the domains in AWS Certificate Manager (ACM) in a different Region.
Create hosted zones for each customer as required in Route 53. Create zone records that point to the API Gateway endpoint.
Request a wildcard certificate that matches the custom domain name in AWS Certificate Manager (ACM) in the same Region.
Create multiple API endpoints for each customer in API Gateway.
Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM).
Explanations:
Registering a domain and creating a wildcard custom domain name in Route 53 allows for dynamic subdomain handling for each customer. This enables individual URLs while pointing to a single API Gateway endpoint, providing operational efficiency.
Requesting a wildcard certificate in a different AWS Region does not comply with the requirement for operational efficiency. Certificates must be in the same Region as the API Gateway, as ACM certificates are regional resources.
Creating hosted zones for each customer adds unnecessary complexity and overhead. This approach does not provide operational efficiency, as it requires managing multiple hosted zones instead of utilizing a wildcard domain.
Requesting a wildcard certificate that matches the custom domain name in the same Region as the API Gateway is necessary for securing the API calls. This allows customers to access their unique URLs securely.
Creating multiple API endpoints for each customer is not efficient. This approach leads to increased management overhead and complexity, as each customer would require separate configurations and deployments.
Creating a custom domain name in API Gateway and importing the wildcard certificate from ACM is essential for establishing secure HTTPS connections for the API endpoints, ensuring that individual customer URLs are secure.
From my perspective, the answer is:
Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint.