AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company wants to expose some internal services to external developers over the Internet. They need a solution that offers authentication/authorization, per-client rate limiting, and the ability to monitor and control usage. Which AWS service should they use to meet these requirements?
Use Amazon API Gateway to expose the services and enforce usage plans with API keys.
Host the services on Amazon EC2 instances and use security groups for access control.
Use AWS Lambda to host the services and implement custom authentication and throttling logic.
Deploy the services behind an Application Load Balancer and use Amazon Cognito for authentication.
Amazon API Gateway is a fully managed service that lets you create, publish, maintain, monitor, and secure APIs at any scale. It integrates with Amazon Cognito user pools, IAM, or Lambda authorizers for authentication and authorization. To meter and control consumption, you attach API keys to usage plans, which provide request quotas and throttling limits; detailed metrics and logs are pushed to Amazon CloudWatch for monitoring.
An Application Load Balancer with Amazon Cognito can authenticate users, but ALB has no built-in per-client throttling or usage-tracking features-you would need AWS WAF or another service for that.
Running the services directly on Amazon EC2 with security groups only restricts network traffic and provides none of the API-level monitoring or rate-limiting capabilities.
Using AWS Lambda alone would still require you to build or add separate authentication, metering, and throttling logic; API Gateway already provides these capabilities out of the box.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon API Gateway and how does it manage authentication and throttling?
Open an interactive chat with Bash
How do usage plans and API keys work in Amazon API Gateway?
Open an interactive chat with Bash
How is Amazon API Gateway different from an Application Load Balancer for API management?