Q9 — AWS DOP-C02 Ch.2

A company has deployed a new REST API using Amazon API Gateway. The company uses this API to access its data and requires that the API be accessible only from a specific VPC within the company.

Correct Answer: A. Create and attach a resource policy to the API Gateway API. Configure the resource policy to allow requests only from the specified VPC ID.

Explanation

Amazon API Gateway resource policies control access to APIs and support the `aws:SourceVpc` condition to restrict requests to a specific VPC. Resource policies are attached directly to API Gateway APIs and require no additional infrastructure. Security groups (Option B) apply to EC2 and other resources, not API Gateway. IAM roles (Option C) manage identity-based permissions, not network-origin restrictions. Network ACLs (Option D) operate at the subnet level and cannot be associated with API Gateway. AWS documentation identifies resource policies as the standard method for restricting API access by VPC, which aligns precisely with the requirement. Option A is correct; the other options are technically invalid.