Which combination of actions should the company take to meet these requirements?
(Choose two.)
Deploy Amazon API Gateway. Cache the endpoint’s responses.
Configure Amazon API Gateway with a request parameter-based AWS Lambda authorizer to add HTTP security headers on origin responses.
Write a Lambda@Edge function to add HTTP security headers on origin responses.
Configure Amazon CloudFront. Create a distribution for the EC2 and S3 origins.
Implement an Application Load Balancer (ALB) to honor the connection header from the incoming client request after forwarding the response back to the client.
Explanations:
Amazon API Gateway is typically used for creating and managing APIs, not for improving latency or adding security headers to content served by EC2 or S3.
A Lambda authorizer is used for custom authorization logic, not for adding HTTP security headers. Additionally, adding security headers with Lambda would generally be done closer to the content delivery layer, like CloudFront or Lambda@Edge.
Lambda@Edge allows running functions at CloudFront edge locations, which can modify HTTP headers (such as security headers) on responses from origin servers like EC2 or S3, thus improving security without changing application code.
CloudFront is a content delivery network (CDN) that improves content delivery speed by caching content at edge locations, reducing latency. Configuring CloudFront with EC2 and S3 origins ensures low-latency access and improved performance for users.
An Application Load Balancer (ALB) is more focused on routing and load balancing traffic to application instances rather than improving latency for static content or adding security headers. It does not provide the same low-latency content delivery benefits as CloudFront.
If I’m correct, the answer is:
Write a Lambda@Edge function to add HTTP security headers on origin responses.