Q22 — AWS SAA-C03 Ch.5
Question 22 of 65 | ← Chapter 5
Q322. A company has a workload in an AWS Region. Customers connect to and access the workload by using an Amazon API Gateway REST API.The company uses Amazon Route 53 as its DNS provider. The company wants to provide individual and secure URLs for all customers. Which combination of steps will meet these requirements with the MOST operational efficiency? (Select THREE.)
- A. Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint ✓
- B. Request a wildcard certificate that matches the domains in AWS Certificate Manager (ACM) in a different Region
- C. Create hosted zones for each customer as required in Route 53. Create zone records that point to the API Gateway endpoint
- D. Request a wildcard certificate that matches the custom domain name in AWS Certificate Manager (ACM) in the same Region ✓
- E. Create multiple API endpoints for each customer in API Gateway
- F. Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM) ✓
Correct Answer: A. Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint, D. Request a wildcard certificate that matches the custom domain name in AWS Certificate Manager (ACM) in the same Region, F. Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM)
Explanation
Option A involves registering the domain in a registrar, creating a wildcard custom domain name in Route 53, and recording it with the API Gateway endpoint. This allows customers to access their workload by using individual, secure URLs.Option D involves requesting a wildcard certificate that matches the custom domain name in ACM, which is used to provide HTTPS encryption on web traffic between the customer's browser and the API Gateway. Option F involves creating a custom domain name in API Gateway for the REST API and importing the certificate from ACM to verify the secure communication between the API Gateway and the clients. Option B is not necessary as it involves requesting a wildcard certificate in a different region, which may lead to additional latency and complexity.Option C is not efficient as it requires creating multiple hosted zones for each customer, which can be difficult to manage and scale.Option E is not recommended as it involves creating multiple API endpoints for each customer, which can lead to increased operational costs and complexity.