A company has recently chosen to use the AWS API Gateway service for managing their API`s. It needs to be ensured that code hosted in other domains can access the API`s behind the API gateway service. Which of the below security features of the API gateway can be used to ensure that API`s resources can receive requests from a domain other than the API`s own domain?

Answer options:

A.API Stages
B.API Deployment
C.API CORS
D.API Access

Correct Answer: C
The AWS Documentation mentions the following.
When your API`s resources receive requests from a domain other than the API`s own domain, you must enable cross-origin resource sharing (CORS) for selected methods on the resource. This amounts to having your API respond to the OPTIONS preflight request with at least the following CORS-required response headers:
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Origin
Option A and B are invalid because these are used to ensure users can call API’s.
Option D is invalid because there is no such thing as API Access.
For more information on enabling CORS, please refer to the below URL-
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html