What is the MOST operationally efficient solution that meets these requirements?
Configure AWS Shield.
Configure AWS WAF.
Set up API Gateway with an Amazon CloudFront distribution. Configure AWS Shield in CloudFront.
Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront.
Explanations:
AWS Shield provides DDoS protection but does not specifically address SQL injection or cross-site scripting attacks. It is not designed for application-layer security.
AWS WAF (Web Application Firewall) is designed to protect web applications from common web exploits, including SQL injection and cross-site scripting. It allows for customizable rules and can be directly integrated with API Gateway, making it operationally efficient for protecting REST APIs.
While setting up API Gateway with CloudFront and configuring AWS Shield can provide DDoS protection, it does not directly protect against SQL injection or cross-site scripting attacks. Shield alone is insufficient for these types of vulnerabilities.
Although setting up API Gateway with CloudFront and configuring AWS WAF does provide protection against SQL injection and cross-site scripting, this option does not explicitly state that WAF is configured for API Gateway, which is the main requirement. The option is less operationally efficient since WAF is not directly attached to API Gateway in this scenario.
I arrange that the answer is:
Configure AWS WAF.