Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 360 discussion

an interface endpoint is a horizontally scaled, redundant VPC endpoint that provides private connectivity to a service. It is an elastic network interface with a private IP address that serves as an entry point for traffic destined to the AWS service. Interface endpoints are used to connect VPCs with AWS services

C. Use a gateway endpoint is wrong because gateway endpoints only support for S3 and dynamoDB, so B is correct

AWS PrivateLink connects resources within one VPC (the consumer) to services within another VPC (the provider) using private IP addresses. But since it uses API gateway, you have to use VPC endpoint to keep private communication though there are other options to avoid using VPC endpoint

B. Usar um endpoint de interface: Embora os endpoints de interface também possam facilitar a comunicação privada, eles são projetados para integrar serviços AWS ou serviços baseados em VPC endpoints. Para o caso de APIs REST privadas do API Gateway, o endpoint de gateway é mais apropriado.

Por que o endpoint de gateway é a solução ideal? Comunicação por meio da VPC:Um endpoint de gateway no Amazon API Gateway permite que os serviços na mesma VPC se comuniquem diretamente, sem sair da rede interna ou passar pela Internet pública. Menor impacto no código:O uso de um endpoint de gateway no API Gateway requer apenas a reconfiguração do endpoint na VPC, sem mudanças significativas no código das APIs. Segurança:Com um endpoint de gateway, o tráfego é mantido dentro da rede privada da VPC, reduzindo os riscos de segurança associados ao tráfego pela Internet. Custo-benefício:Um endpoint de gateway é econômico, pois utiliza a infraestrutura existente da VPC e evita custos adicionais relacionados ao tráfego pela Internet.

B. Use an interface endpoint. Here's the reasoning: Interface Endpoint (Option B): An interface endpoint (also known as VPC endpoint) allows communication between resources in your VPC and services without traversing the public internet. In this case, you can create an interface endpoint for API Gateway in your VPC. This enables the communication between the BuyStock and CheckFunds RESTful web services within the VPC, and it doesn't require significant changes to the code. X-API-Key header (Option A): Adding an X-API-Key header for authorization doesn't address the issue of ensuring that the APIs communicate through the VPC. It's more related to authentication and authorization mechanisms.

The question here is that the BuyStock RESTful web service calls the CheckFunds RESTful web service through API gateway (internet), not directly. How does API gateway connect the services BuyStock and CheckFunds? It connects the Interface Endpoint of the services through Privatelink. The interface endpoints provide direct connection between services within the same private subnet. Answer B is correct.

how is it even possible, I mean if it's private and both are in the same VPC then we shouldn't even have such an issue right?

B. Use an interface endpoint.

Answer B (from abylead) With API GW, you can create multiple prv REST APIs, only accessible with an interface VPC endpt. To allow/ deny simple or cross acc access to your API from selected VPCs & its endpts, you use resource plcys. In addition, you can also use DX for a connection between onprem network to VPC or your prv API. API GW to VPC: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html Less correct & incorrect (infeasible & inadequate) answers: A)X-API-Key in HTTP header for authorization needs auto-process fcts & changes: inadequate. C)VPC GW endpts for S3 or DynamDB aren’t for RESTful svcs: infeasible. D)SQS que between 2 REST APIs needs endpts & some changes: inadequate.

I select C because it's the solution with the " FEWEST changes to the code"

An interface endpoint is powered by PrivateLink, and uses an elastic network interface (ENI) as an entry point for traffic destined to the service

BBBBBB

https://www.linkedin.com/pulse/aws-interface-endpoint-vs-gateway-alex-chang

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html

The only time where an Interface Endpoint may be preferable (for S3 or DynamoDB) over a Gateway Endpoint is if you require access from on-premises, for example you want private access from your on-premise data center

fewest changes to code and below link: https://gkzz.medium.com/what-is-the-differences-between-vpc-endpoint-gateway-endpoint-ae97bfab97d8