AWS API Gateway IP Address Tracking for SaaS Company


Question

A SaaS company offers several services via APIs. They use Amazon Web Services API Gateway for the management and integration of their services. They would like to start tracking the IP addresses of clients accessing the APIs to set up IP-based security alerts.

What solution would meet these requirements (SELECT TWO)?

Answers

Explanations


A. B. C. D. E.

Answer: B and E.

Option A is incorrect because API Gateway Execution logs contain details about latency, execution errors, and cache hits/misses. It would not provide information about IP-based access.

Option B is CORRECT because API Gateway Access logs contain details about the user and IPs accessing the APIs exposed via API Gateway.

Option C is incorrect because Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3 and would not provide information on API Gateway access.

Option D is incorrect because CloudTrail collects information about AWS API access requests. It would not provide alerts, detection methods for specific IPs, or tracking mechanisms.

Option E is CORRECT because when logging is enabled on API Gateway, logs are sent to CloudWatch Logs. CloudWatch Metrics and Alarms can then be configured to provide IP-based alerts as needed.

Reference:

https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
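As an added illustration (not part of the original page or of AWS documentation), the sketch below pairs an access log format that records `$context.identity.sourceIp` with a local emulation, run over constructed log events, of the per-IP checks a CloudWatch metric filter and alarm would apply. The JSON key names, the allowed network, the threshold and the function name `ip_alerts` are assumptions of this example.

```python
import ipaddress
import json
from collections import Counter

# Access log format for the stage, built from API Gateway $context variables.
# The JSON key names ("ip", "status", ...) are this example's own choice.
ACCESS_LOG_FORMAT = (
    '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp",'
    '"resourcePath":"$context.resourcePath","status":"$context.status"}'
)

# Constructed sample log events (documentation address ranges), not real traffic.
SAMPLE_EVENTS = [
    '{"requestId":"r1","ip":"203.0.113.7","resourcePath":"/orders","status":"200"}',
    '{"requestId":"r2","ip":"198.51.100.23","resourcePath":"/login","status":"403"}',
    '{"requestId":"r3","ip":"198.51.100.23","resourcePath":"/login","status":"403"}',
    '{"requestId":"r4","ip":"198.51.100.23","resourcePath":"/login","status":"403"}',
    '{"requestId":"r5","ip":"203.0.113.9","resourcePath":"/orders","status":"401"}',
    '{"requestId":"r6","ip":"192.0.2.50","resourcePath":"/orders","status":"200"}',
    'not json',
]

ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed client range
DENIED_THRESHOLD = 3  # assumed alarm threshold: 401/403 responses per source IP


def ip_alerts(lines, allowed=ALLOWED_NETWORKS, threshold=DENIED_THRESHOLD):
    """Return {ip: [reasons]} for source IPs that should raise an alert."""
    denied = Counter()
    seen = set()
    for line in lines:
        try:
            event = json.loads(line)
            ip = ipaddress.ip_address(event["ip"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed events instead of failing the whole batch
        seen.add(ip)
        if event.get("status") in ("401", "403"):
            denied[ip] += 1
    alerts = {}
    for ip in sorted(seen, key=str):
        reasons = []
        if not any(ip in net for net in allowed):
            reasons.append("outside allowed networks")
        if denied[ip] >= threshold:
            reasons.append(f"{denied[ip]} denied requests")
        if reasons:
            alerts[str(ip)] = reasons
    return alerts
```

Calling `ip_alerts(SAMPLE_EVENTS)` flags the two addresses outside the allowed range, one of which also crosses the denied-request threshold.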

The correct answers are A and B:

A. Enable API Gateway Execution Logs - API Gateway Execution Logs contain detailed information about every API call made to the API Gateway. These logs can be enabled to track client IP addresses and other relevant information about the API request. Once enabled, the logs can be processed by various AWS services such as CloudWatch, S3, and Elasticsearch for further analysis.

B. Enable API Gateway Access Logs - API Gateway Access Logs contain information about the API Gateway management activities such as creating, updating, or deleting an API Gateway. These logs can be enabled to track who made changes to the API Gateway configuration and when they were made. Once enabled, the logs can be processed by various AWS services such as CloudWatch, S3, and Elasticsearch for further analysis.

C. Enable GuardDuty - GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts. It does not track client IP addresses and is not directly relevant to the requirement in the question.

D. Configure SNS notifications for CloudTrail - CloudTrail is a service that records API calls made to AWS services. SNS notifications can be configured to alert administrators when specific API events occur. However, CloudTrail does not directly track client IP addresses and is not directly relevant to the requirement in the question.

E. Configure CloudWatch Alarm - CloudWatch Alarms can be configured to send notifications based on certain metrics, such as API Gateway latency or error rates. However, it does not directly track client IP addresses and is not directly relevant to the requirement in the question.

In summary, enabling API Gateway Execution Logs and Access Logs is the most appropriate solution to track client IP addresses and set up IP-based security alerts for the SaaS company's API services.