SAP-C02 第 343 题
题目
A solutions architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint. The solutions architect wants an end-to-end view of each request to analyze the latency of the request and create service maps. How can the solutions architect design the API Gateway access control and perform request inspections?
中文翻译:
解决方案架构师希望确保只有具有适当权限的 AWS 用户或角色才能访问新的 Amazon API Gateway 终端节点。解决方案架构师希望获得每个请求的端到端视图,以分析请求的延迟并创建服务映射。解决方案架构师如何设计 API 网关访问控制并执行请求检查?
选项
A. For the API Gateway method, set the authorization to AWS_IAM. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Enable the API caller to sign requests with AWS Signature when accessing the endpoint. Use AWS X-Ray to trace and analyze user requests to API Gateway.
中文翻译:
对于 API Gateway 方法,将授权设置为 AWS_IAM。然后,向 IAM 用户或角色授予对 REST API 资源的execute-api:Invoke 权限。允许 API 调用者在访问终端节点时使用 AWS 签名对请求进行签名。使用 AWS X-Ray 跟踪和分析对 API Gateway 的用户请求。
B. For the API Gateway resource, set CORS to enabled and only return the company's domain in Access-Control-Allow-Origin headers. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.
中文翻译:
对于 API 网关资源,将 CORS 设置为启用,并且仅在 Access-Control-Allow-Origin 标头中返回公司的域。然后,向 IAM 用户或角色授予对 REST API 资源的execute-api:Invoke 权限。使用 Amazon CloudWatch 跟踪和分析对 API Gateway 的用户请求。
C. Create an AWS Lambda function as the custom authorizer, ask the API client to pass the key and secret when making the call, and then use Lambda to validate the key/secret pair against the IAM system. Use AWS X-Ray to trace and analyze user requests to API Gateway.
中文翻译:
创建一个 AWS Lambda 函数作为自定义授权方,要求 API 客户端在进行调用时传递密钥和密钥,然后使用 Lambda 根据 IAM 系统验证密钥/密钥对。使用 AWS X-Ray 跟踪和分析对 API Gateway 的用户请求。
D. Create a client certificate for API Gateway. Distribute the certificate to the AWS users and roles that need to access the endpoint. Enable the API caller to pass the client certificate when accessing the endpoint. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.
中文翻译:
为API网关创建客户端证书。将证书分发给需要访问终端节点的 AWS 用户和角色。允许 API 调用者在访问端点时传递客户端证书。使用 Amazon CloudWatch 跟踪和分析对 API Gateway 的用户请求。
答案
A
解析
正确答案:A 解析: 本题应选择 A。 正确选项: A. 对于 API Gateway 方法,将授权设置为 AWS_IAM。然后,向 IAM 用户或角色授予对 REST API 资源的execute-api:Invoke 权限。允许 API 调用者在访问终端节点时使用 AWS 签名对请求进行签名。使用 AWS X-Ray 跟踪和分析对 API Gateway 的用户请求。 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C0...