Which solution will meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company has registered its domain name with Amazon Route 53.The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs.Third-party services consume the APIs securely.The company wants to design its API Gateway URL with the company’s domain name and corresponding certificate so that the third-party services can use HTTPS.

Which solution will meet these requirements?

Create stage variables in API Gateway with Name=”Endpoint-URL” and Value=”Company Domain Name” to overwrite the default URL. Import the public certificate associated with the company’s domain name into AWS Certificate Manager (ACM).

Create Route 53 DNS records with the company’s domain name. Point the alias record to the Regional API Gateway stage endpoint. Import the public certificate associated with the company’s domain name into AWS Certificate Manager (ACM) in the us-east-1 Region.

Create a Regional API Gateway endpoint. Associate the API Gateway endpoint with the company’s domain name. Import the public certificate associated with the company’s domain name into AWS Certificate Manager (ACM) in the same Region. Attach the certificate to the API Gateway endpoint. Configure Route 53 to route traffic to the API Gateway endpoint.

Create a Regional API Gateway endpoint. Associate the API Gateway endpoint with the company’s domain name. Import the public certificate associated with the company’s domain name into AWS Certificate Manager (ACM) in the us-east-1 Region. Attach the certificate to the API Gateway APIs. Create Route 53 DNS records with the company’s domain name. Point an A record to the company’s domain name.

Explanations:

API Gateway does not support the use of stage variables to overwrite URLs for custom domains. Also, the certificate must be in the same AWS Region as the API Gateway, not just imported into ACM.

The certificate for API Gateway must be in the same Region as the API Gateway (ca-central-1), not in us-east-1. Therefore, this solution will not work as expected.

This solution uses a Regional API Gateway endpoint, associates it with the company’s domain name, and imports the certificate into ACM in the same Region (ca-central-1). This meets all requirements for HTTPS access via Route 53.

This option imports the certificate into us-east-1 rather than ca-central-1, which is where the API Gateway is deployed. API Gateway requires certificates to be in the same Region for custom domains to work.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × four =