AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company wants to expose some internal services to external developers over the Internet. They need a solution that offers authentication/authorization, per-client rate limiting, and the ability to monitor and control usage. Which AWS service should they use to meet these requirements?
Host the services on Amazon EC2 instances and use security groups for access control.
Deploy the services behind an Application Load Balancer and use Amazon Cognito for authentication.
Use Amazon API Gateway to expose the services and enforce usage plans with API keys.
Use AWS Lambda to host the services and implement custom authentication and throttling logic.
Amazon API Gateway is a fully managed service that lets you create, publish, maintain, monitor, and secure APIs at any scale. It integrates with Amazon Cognito user pools, IAM, or Lambda authorizers for authentication and authorization. To meter and control consumption, you attach API keys to usage plans, which provide request quotas and throttling limits; detailed metrics and logs are pushed to Amazon CloudWatch for monitoring.
An Application Load Balancer with Amazon Cognito can authenticate users, but ALB has no built-in per-client throttling or usage-tracking features-you would need AWS WAF or another service for that.
Running the services directly on Amazon EC2 with security groups only restricts network traffic and provides none of the API-level monitoring or rate-limiting capabilities.
Using AWS Lambda alone would still require you to build or add separate authentication, metering, and throttling logic; API Gateway already provides these capabilities out of the box.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the main features of Amazon API Gateway?
Open an interactive chat with Bash
What is the role of API keys and usage plans in API Gateway?
Open an interactive chat with Bash
How does Amazon API Gateway integrate with other AWS services?