A company has recently chosen to use the AWS API Gateway service for managing their API's.
It needs to be ensured that code hosted in other domains can access the API's behind the API gateway service.
Which of the below security features of the API gateway can be used to ensure that API's resources can receive requests from a domain other than the API's own domain?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C.
The AWS Documentation mentions the following.
When your API's resources receive requests from a domain other than the API's own domain, you must enable cross-origin resource sharing (CORS) for selected methods on the resource.
This amounts to having your API respond to the OPTIONS preflight request with at least the following CORS-required response headers:
Access-Control-Allow-Methods.
Access-Control-Allow-Headers.
Access-Control-Allow-Origin.
Option A and B are invalid because these are used to ensure users can call API's.
Option D is invalid because there is no such thing as API Access.
For more information on enabling CORS, please refer to the below URL-
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.htmlThe correct answer is C. API CORS.
AWS API Gateway is a fully managed service that makes it easy to create, deploy, and manage APIs at any scale. When creating an API in AWS API Gateway, the API owner needs to ensure that the API resources can receive requests from a domain other than the API's own domain. This is where Cross-Origin Resource Sharing (CORS) comes into play.
CORS is a security feature implemented in web browsers that restricts web pages from making requests to a different domain than the one that served the original web page. This security feature is implemented by adding HTTP headers to API responses that instruct the browser to allow or deny cross-domain requests.
AWS API Gateway provides a simple and configurable way to enable CORS for APIs. When configuring CORS in API Gateway, the API owner specifies the allowed domains that can access the API resources. This is done by setting the "Access-Control-Allow-Origin" header in the API response to the allowed domain.
To configure CORS in API Gateway, the following steps need to be performed:
Once the CORS configuration is saved, the API Gateway service will automatically add the necessary headers to the API responses to enable cross-domain access.
In summary, API Gateway's CORS security feature allows an API owner to enable cross-domain access to the API's resources. This is achieved by adding HTTP headers to the API responses that instruct the browser to allow or deny cross-domain requests.