A Company ABC has 100 REST APIs exposed to the Internet from their on-premise network.
They have already integrated with AWS through DirectConnect.
They have approached you asking for a cost-effective way of making these REST APIs available through AWS API Gateway because of the resiliency and cost reductions provided by it.
What solution would you provide?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: B
For more information on VPC Link, refer to the documentation here.
https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/Option A is INCORRECT because you can use API Gateway to integrate with on-premises backend APIs.
Therefore this option is invalid.
Option C is INCORRECT because you can choose the integration type as "HTTPS" if your API is integrated with an existing HTTPS endpoint.
Since the question does not state any integration with any HTTPS endpoint, this option is invalid.
Option D is INCORRECT because you can choose the integration type as "AWS Service" only if your API will be integrated with an AWS service.
Since the question does not state any integration with any AWS service, this option is invalid.
Please refer to page 605 on the below link:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-dg.pdfOption B - Use VPC Link to integrate on-premises backend solutions through DirectConnect and private VPC - is the best solution for this scenario.
API Gateway can integrate with backend APIs hosted in a variety of locations, including on-premises servers. However, it is not recommended to expose on-premises APIs to the public internet directly due to security concerns.
In this scenario, the company has already integrated with AWS through DirectConnect, which establishes a dedicated network connection between their on-premises network and their AWS VPC (Virtual Private Cloud). This means that their on-premises network is already connected to AWS and they can use the VPC Link feature of API Gateway to securely access their on-premises REST APIs.
VPC Link is a feature of API Gateway that allows you to privately integrate your API Gateway with resources in your VPC. With VPC Link, you can create a private connection between your API Gateway and a VPC in your account, or a VPC in a different account or region. You can then use this VPC Link to access resources in the VPC from your API Gateway.
In this scenario, the company can create a VPC Link between their API Gateway and their on-premises network through their existing DirectConnect connection. They can then use the VPC Link to access their on-premises REST APIs securely from API Gateway without exposing them to the public internet. This solution is both cost-effective and provides the resiliency benefits of API Gateway.
Option A - Rebuilding all the backend APIs using Lambda and integrating them with API Gateway - would be a costly and time-consuming solution. It would require significant development effort to rewrite all the existing REST APIs as Lambda functions and would likely require changes to the existing application architecture.
Option C - Building API Gateway using the existing on-premises public-facing REST APIs as HTTPS endpoints integration type - would expose the on-premises APIs to the public internet, which is not recommended for security reasons.
Option D - Building API Gateway with integration type as AWS Service and selecting Direct Connect service - is not a valid option as AWS Service integration type is used to integrate API Gateway with other AWS services such as Lambda or DynamoDB, but not with on-premises resources.