Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 360 discussion

an interface endpoint is a horizontally scaled, redundant VPC endpoint that provides private connectivity to a service. It is an elastic network interface with a private IP address that serves as an entry point for traffic destined to the AWS service. Interface endpoints are used to connect VPCs with AWS services

C. Use a gateway endpoint is wrong because gateway endpoints only support for S3 and dynamoDB, so B is correct

B. Use an interface endpoint. Here's the reasoning: Interface Endpoint (Option B): An interface endpoint (also known as VPC endpoint) allows communication between resources in your VPC and services without traversing the public internet. In this case, you can create an interface endpoint for API Gateway in your VPC. This enables the communication between the BuyStock and CheckFunds RESTful web services within the VPC, and it doesn't require significant changes to the code. X-API-Key header (Option A): Adding an X-API-Key header for authorization doesn't address the issue of ensuring that the APIs communicate through the VPC. It's more related to authentication and authorization mechanisms.

The question here is that the BuyStock RESTful web service calls the CheckFunds RESTful web service through API gateway (internet), not directly. How does API gateway connect the services BuyStock and CheckFunds? It connects the Interface Endpoint of the services through Privatelink. The interface endpoints provide direct connection between services within the same private subnet. Answer B is correct.

how is it even possible, I mean if it's private and both are in the same VPC then we shouldn't even have such an issue right?

B. Use an interface endpoint.

Answer B (from abylead) With API GW, you can create multiple prv REST APIs, only accessible with an interface VPC endpt. To allow/ deny simple or cross acc access to your API from selected VPCs & its endpts, you use resource plcys. In addition, you can also use DX for a connection between onprem network to VPC or your prv API. API GW to VPC: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html Less correct & incorrect (infeasible & inadequate) answers: A)X-API-Key in HTTP header for authorization needs auto-process fcts & changes: inadequate. C)VPC GW endpts for S3 or DynamDB aren’t for RESTful svcs: infeasible. D)SQS que between 2 REST APIs needs endpts & some changes: inadequate.

I select C because it's the solution with the " FEWEST changes to the code"

An interface endpoint is powered by PrivateLink, and uses an elastic network interface (ENI) as an entry point for traffic destined to the service

BBBBBB

https://www.linkedin.com/pulse/aws-interface-endpoint-vs-gateway-alex-chang

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html

The only time where an Interface Endpoint may be preferable (for S3 or DynamoDB) over a Gateway Endpoint is if you require access from on-premises, for example you want private access from your on-premise data center

fewest changes to code and below link: https://gkzz.medium.com/what-is-the-differences-between-vpc-endpoint-gateway-endpoint-ae97bfab97d8

Agreed B

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html - Interface EP