Which solution will provide connectivity between the EC2 instance and the API?
A. Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that allows apigateway:* actions. Disable private DNS naming for the VPC endpoint. Configure an API resource policy that allows access from the VPC. Use the VPC endpoint’s DNS name to access the API.
B. Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that allows the execute-api:Invoke action. Enable private DNS naming for the VPC endpoint. Configure an API resource policy that allows access from the VPC endpoint. Use the API endpoint’s DNS names to access the API.
C. Create a Network Load Balancer (NLB) and a VPC link. Configure private integration between API Gateway and the NLB. Use the API endpoint’s DNS names to access the API.
D. Create an Application Load Balancer (ALB) and a VPC Link. Configure private integration between API Gateway and the ALB. Use the ALB endpoint’s DNS name to access the API.
Explanations:
A. This option suggests disabling private DNS naming for the VPC endpoint. Disabling private DNS prevents the EC2 instance from resolving the VPC endpoint’s private DNS name, making it inaccessible. Additionally, the policy allowing apigateway:* actions is too permissive and does not specifically allow the necessary execute-api:Invoke action.
B. This option correctly creates an interface VPC endpoint for API Gateway and enables private DNS naming, allowing the EC2 instance to resolve the endpoint’s DNS name. The endpoint policy correctly allows the execute-api:Invoke action, and configuring the API resource policy to allow access from the VPC endpoint ensures proper security while allowing access.
C. This option suggests using a Network Load Balancer (NLB) with a VPC link, which is not necessary for providing access to a private API in API Gateway. API Gateway can directly integrate with VPC endpoints without needing an NLB, making this solution overly complex and unnecessary.
D. Similar to option C, this option proposes using an Application Load Balancer (ALB) with a VPC Link, which is also not required for accessing a private API. API Gateway can be accessed directly via an interface VPC endpoint, making this approach unnecessary and adding complexity without benefit.
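The difference between the first two options, as an added example that is not part of the original question: a Python check over the endpoint policy, the API resource policy and the private DNS setting. The IDs, the ARN and all function names are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed placeholders (assumptions, not values from the page).
VPCE_ID = "vpce-0example"
API_ARN = "arn:aws:execute-api:us-east-1:111122223333:exampleapi/*"
SOURCE_KEYS = ("aws:SourceVpce", "aws:SourceVpc")  # IAM global condition keys

def policy(action, condition=None):
    """Build a single-statement Allow policy document."""
    stmt = {"Effect": "Allow", "Principal": "*", "Action": action, "Resource": API_ARN}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

def allows_invoke(doc):
    """True if any Allow statement's Action pattern covers execute-api:Invoke."""
    for stmt in doc["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] == "Allow" and any(
            fnmatchcase("execute-api:invoke", a.lower()) for a in actions
        ):
            return True
    return False

def source_restricted(doc):
    """True if an Allow statement is conditioned on the calling VPC or VPC endpoint."""
    for stmt in doc["Statement"]:
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if stmt["Effect"] == "Allow" and any(k in cond for k in SOURCE_KEYS):
            return True
    return False

def review(endpoint_policy, resource_policy, private_dns):
    """Return the list of problems that keep the instance from invoking the API."""
    findings = []
    if not allows_invoke(endpoint_policy):
        findings.append("endpoint policy does not allow execute-api:Invoke")
    if not source_restricted(resource_policy):
        findings.append("resource policy is not restricted to a VPC or VPC endpoint")
    if not private_dns:
        findings.append("private DNS disabled: API DNS names do not resolve to the endpoint")
    return findings

# First option: apigateway:* endpoint policy, VPC-scoped resource policy, private DNS off.
FIRST = review(policy("apigateway:*"),
               policy("execute-api:Invoke", {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}),
               False)
# Second option: execute-api:Invoke, endpoint-scoped resource policy, private DNS on.
SECOND = review(policy("execute-api:Invoke"),
                policy("execute-api:Invoke", {"StringEquals": {"aws:SourceVpce": VPCE_ID}}),
                True)
```

`FIRST` carries the two findings named in the first explanation (wrong action namespace and disabled private DNS), while `SECOND` is empty.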