Question 228:
John is a software contractor and is working on a web application. Since the budget is limited and the schedule is tight, he decides to implement it using API gateway and Lambda so that he does not need to consider the server management, scalability, etc. The customer has raised concerns that the APIs should be kept secure and there should be mechanisms to control the access to API endpoints. Which below method can be used to help secure the API?
Answer options:
A.Attach a resource policy to the API Gateway API, which controls access to the API Gateway resources. Access can be controlled by IAM condition elements, including conditions on AWS account, source VPC, etc. B.Use IAM permissions to control access to the API Gateway component. For example, in order to call a deployed API, the API caller must be granted permission to perform required IAM actions supported by the API execution component of API Gateway. C.Use a Lambda function as the authorizer. When a client calls the API, the API Gateway either supplies the authorization token that is extracted from a specified request header for the token-based authorizer or it passes in the incoming request parameters as the input to the request parameters-based authorizer Lambda function. D.Use an Amazon Cognito user pool to control who can access the API in Amazon API Gateway. You need to use the Amazon Cognito console, CLI/SDK, or API to create a user pool. Then, in the API Gateway, create an API Gateway authorizer with the chosen user pool. E.All the above options are correct.
