AWS API Gateway Access Control Mechanisms - Exam Question Answer

Not Access Control Mechanisms for AWS API Gateway

Prev Question Next Question

Question

Which of the following are not access control mechanisms for AWS API Gateway? (Choose 2 options)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Answer: C, D.

Following are different ways of controlling access to your AWS API Gateway.

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-controlling-access-to-apis.html

Option C is not an access control mechanism.

API Gateway accepts the client-side certificates of your backend system.

https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html#configure-api

Option D is not an access control mechanism.

RouteTables in VPCs are to control network traffic flow within a VPC.For more information on VPC route tables, refer to documentation here:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
Controlling Access to an API in API Gateway

API Gateway supports multiple mechanisms for controlling access to your API:

Resource policies let you create resource-based policies to allow or deny access to your APIs and methods from
specified source IP addresses or VPC endpoints.

Standard AWS IAM roles and policies offer flexible and robust access controls that can be applied to an entire
API or individual methods.

Cross-origin resource sharing (CORS) lets you control how your API responds to cross-domain resource
requests.

Lambda authorizers are Lambda functions that control access to your API methods using bearer token
authentication as well as information described by headers, paths, query strings, stage variables, or context
variables request parameters.

Amazon Cognito user pools let you create customizable authentication and authorization solutions.
Client-side SSL certificates can be used to verify that HTTP requests to your backend system are from API
Gateway.

Usage plans let you provide API keys to your customers — and then track and limit usage of your API stages and
methods for each API key.

Sure, I can provide you with a detailed explanation of the access control mechanisms for AWS API Gateway and which options are not part of those mechanisms.

AWS API Gateway provides several ways to control access to your APIs. These include:

  1. Resource policies: These policies are applied to individual resources in your API and can control who has access to that specific resource.

  2. Lambda authorizers: These are custom authorizers that you can use to control access to your API using a Lambda function. The Lambda function can perform custom authentication and authorization logic to allow or deny access to the API.

  3. Server-side certificates: These are used to secure connections between the client and the API Gateway using SSL/TLS encryption. They are not used for access control.

  4. VPC RouteTables: These are used to control traffic between a VPC and the internet. They are not used for access control in API Gateway.

  5. Usage plans: These are used to control access to your API by limiting the number of requests that can be made by a particular client over a given period of time.

Based on the above explanations, the two options that are not access control mechanisms for AWS API Gateway are:

C. Server-side certificates - These are used to secure connections between the client and the API Gateway using SSL/TLS encryption. They are not used for access control.

D. VPC RouteTables - These are used to control traffic between a VPC and the internet. They are not used for access control in API Gateway.

Therefore, the correct answers are C and D.