Q26 — AWS SAA-C03 Ch.4

Q221. A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS. Which solution will meet these requirements?

Correct Answer: C. Create a Regional API Gateway endpoint. Associate the API Gateway endpoint with the company's domain name. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the same Region. Attach the certificate to the API Gateway endpoint. Configure Route 53 to route traffic to the API Gateway endpoint.

Explanation

To design an API Gateway URL with a company's domain name and corresponding certificate so that third-party services can use HTTPS, a company should create a Regional API Gateway endpoint, associate the API Gateway endpoint with the company's domain name, import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the same Region, attach the certificate to the API Gateway endpoint, and configure Route 53 to route traffic to the API Gateway endpoint. Therefore, option C is the correct answer.

Option A suggests creating stage variables in API Gateway to overwrite the default URL and importing the public certificate associated with the company's domain name into ACM. While this approach can work, it only changes the URL for a specific stage and does not provide a complete solution for associating the domain name with the API Gateway endpoint.

Option B suggests creating Route 53 DNS records with the company's domain name, pointing the alias record to the Regional API Gateway stage endpoint, and importing the public certificate associated with the company's domain name into ACM in the us-east-1 Region. While this approach can work, it does not provide a complete solution for associating the domain name with the API Gateway endpoint in the ca-central-1 Region.

Option D suggests associating the API Gateway endpoint with the company's domain name, importing the public certificate associated with the company's domain name into ACM in the us-east-1 Region, attaching the certificate to the API Gateway APIs, and creating Route 53 DNS records with the company's domain name. While this approach can work, it requires more manual setup and management compared to using a Regional API Gateway endpoint and associating it with the company's domain name.

By using a Regional API Gateway endpoint, associating it with the company's domain name, importing the public certificate associated with the company's domain name into ACM in the same Region, attaching the certificate to the API Gateway endpoint, and configuring Route 53 to route traffic to the API Gateway endpoint, the company can easily implement a solution that allows third-party services to securely use its backend microservice APIs. This solution provides a scalable way to associate a domain name with an API Gateway endpoint while providing end-to-end encryption using HTTPS. This solution meets the requirements stated in the question.
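
The steps in option C can be checked before deployment. The following is an added example, not part of the original explanation: an offline check that the certificate Region, the certificate names and the Route 53 alias target in a planned setup agree with each other. The dictionary field names are hypothetical and every sample value is a constructed placeholder; the us-east-1 rule for edge-optimized endpoints goes beyond the Regional case this question covers.

```python
# Offline pre-deployment check; field names hypothetical, sample values constructed.

def arn_region(arn):
    """Return the Region field of an ARN (arn:partition:service:region:account:resource)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]

def cert_covers(domain, cert_names):
    """True if a certificate name matches the domain; '*.' covers exactly one label."""
    domain = domain.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == domain:
            return True
        if name.startswith("*.") and domain.partition(".")[2] == name[2:]:
            return True
    return False

def check_custom_domain(cfg):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # Regional endpoints need the ACM certificate in the API's own Region;
    # edge-optimized endpoints (outside this question) need it in us-east-1.
    required = cfg["api_region"] if cfg["endpoint_type"] == "REGIONAL" else "us-east-1"
    cert_region = arn_region(cfg["certificate_arn"])
    if cert_region != required:
        findings.append(f"certificate is in {cert_region}, must be in {required}")
    if not cert_covers(cfg["domain_name"], cfg["cert_names"]):
        findings.append(f"certificate does not cover {cfg['domain_name']}")
    if cfg["alias_target"].rstrip(".").lower() != cfg["gateway_target"].rstrip(".").lower():
        findings.append("Route 53 alias does not point at the custom domain target")
    return findings

GOOD = {
    "api_region": "ca-central-1",
    "endpoint_type": "REGIONAL",
    "domain_name": "api.example.com",
    "certificate_arn": "arn:aws:acm:ca-central-1:111122223333:certificate/EXAMPLE-ID",
    "cert_names": ["*.example.com"],
    "gateway_target": "d-example123.execute-api.ca-central-1.amazonaws.com",
    "alias_target": "d-example123.execute-api.ca-central-1.amazonaws.com.",
}
# Same plan, but with the certificate imported into the wrong Region.
BAD = dict(GOOD, certificate_arn="arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_custom_domain(cfg) or "ok")
```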