Which solution will meet these requirements?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A company is developing an application in the AWS Cloud.The application’s HTTP API contains critical information that is published in Amazon API Gateway.The critical information must be accessible from only a limited set of trusted IP addresses that belong to the company’s internal network.

Which solution will meet these requirements?

Set up an API Gateway private integration to restrict access to a predefined set of IP addresses.

Create a resource policy for the API that denies access to any IP address that is not specifically allowed.

Directly deploy the API in a private subnet. Create a network ACL. Set up rules to allow the traffic from specific IP addresses.

Modify the security group that is attached to API Gateway to allow inbound traffic from only the trusted IP addresses.

Explanations:

API Gateway private integration is used to access resources in a VPC privately, but it does not restrict access to specific IP addresses from the internet.

A resource policy can restrict access to the API based on specific IP addresses, effectively limiting access to trusted internal network addresses.

API Gateway does not support deployment in a private subnet. Network ACLs apply to VPCs, not to API Gateway, which is publicly accessible by default.

Security groups cannot be directly attached to API Gateway. Instead, API Gateway access control is managed by resource policies and IAM policies.

2025-10-24

1 Comment

  1. Arthur
    Author

    I rate that the answer is:
    Create a resource policy for the API that denies access to any IP address that is not specifically allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + eleven =