A Developer is building a serverless application that uses Amazon API Gateway as the front end. The application will not be publicly accessible. Other legacy applications running on Amazon EC2 will make calls to the application A Security Engineer Has been asked to review the security controls for authentication and authorization of the application.
Which combination of actions would provide the MOST secure solution? (Select TWO)
A . Configure an IAM policy that allows the least permissive actions to communicate with the API Gateway Attach the policy to the role used by the legacy EC2 instances
B . Enable AWS WAF for API Gateway Configure rules to explicitly allow connections from the legacy EC2 instances
C . Create a VPC endpoint for API Gateway Attach an IAM resource policy that allows the role of the legacy EC2 instances to call specific APIs
D . Create a usage plan Generate a set of API keys for each application that needs to call the AP
F . Configure cross-origin resource sharing (CORS) in each API Share the CORS information with the applications that call the AP
Answer: A,E
Leave a Reply