Which combination of changes will meet this requirement with the LEAST operational overhead?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A company is deploying a new API to AWS.The API uses Amazon API Gateway with a Regional API endpoint and an AWS Lambda function for hosting.The API retrieves data from an external vendor API, stores data in an Amazon DynamoDB global table, and retrieves data from the DynamoDB global table.The API key for the vendor’s API is stored in AWS Secrets Manager and is encrypted with a customer managed key in AWS Key Management Service (AWS KMS).The company has deployed its own API into a single AWS Region.A solutions architect needs to change the API components of the company’s API to ensure that the components can run across multiple Regions in an active-active configuration.

Which combination of changes will meet this requirement with the LEAST operational overhead?

(Choose three.)

Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint. Implement a Route 53 multivalue answer routing policy.

Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.

Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region’s replicated secret, select the appropriate KMS key.

Create a new AWS managed KMS key in each in-scope Region. Convert an existing key to a multi-Region key. Use the multi-Region key in other Regions.

Create a new Secrets Manager secret in each in-scope Region. Copy the secret value from the existing Region to the new secret in each in-scope Region.

Modify the deployment process for the Lambda function to repeat the deployment across in-scope Regions. Turn on the multi-Region option for the existing API. Select the Lambda function that is deployed in each Region as the backend for the multi-Region API.

2025-10-03

1 Comment

  1. James
    Author

    I evaluate that the answer is:
    Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen − 13 =