A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test account users only.
What is the MOST secure way to restrict API access to users of this particular AWS account?
A . Client-side SSL certificates for authentication
B . API Gateway resource policies
C . Cross-origin resource sharing (CORS)
D . Usage plans
Answer: B
Explanation:
Reference: https://aws.amazon.com/blogs/compute/control-access-to-your-apis-using-amazon-apigateway-resource-policies/