Your team is working on an API definition that will be deployed using the API Gateway service. You then need to ensure that control is established on who can access the various resources within the API Gateway.

Which of the following can help ensure this security requirement is met? Choose 3 Options.

1 Answer

Answer - B, C and D.

This is given in the AWS Documentation.

For more information on using IAM Policies for controlling access, please refer to the URL below:

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html

Resource policies, IAM roles and policies can control access to an API.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html

Control Who Can Call an API Gateway API Method with IAM Policies

To control who can or cannot call a deployed API with IAM permissions, create an IAM policy document with required permissions. A template for such a policy document is shown as follows.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Permission",
          "Action": [
            "execute-api:Execution-operation"
          ],
          "Resource": [
            "arn:aws:execute-api:region:account-id:api-id/stage/METHOD_HTTP_VERB/Resource-path"
          ]
        }
      ]
    }

Sure, here's a detailed explanation for each option:

A. Key Policies: AWS Key Policies are used to grant or deny access to AWS KMS keys. They are JSON documents that allow the key owner to specify who can use the key, and for what operations. However, Key Policies cannot be used to control access to API Gateway resources.

B. IAM Policies: AWS Identity and Access Management (IAM) Policies are JSON documents that define permissions for users, groups, and roles in AWS. IAM policies can be attached to IAM users, groups, and roles. IAM policies can be used to grant or deny access to API Gateway resources based on the permissions defined in the policy.

C. Resource Policies: AWS Resource Policies are JSON documents that allow you to define permissions for AWS resources. Resource policies can be used to control who can access the resources within API Gateway, such as APIs, stages, and methods. Resource policies can be attached to API Gateway resources, and can be used to grant or deny access to those resources.

D. IAM Roles: AWS IAM Roles allow you to delegate access to AWS resources to an AWS service, or to an IAM user or role in another AWS account. IAM Roles can be used to allow an AWS service, such as API Gateway, to assume a role that grants it access to other AWS resources. However, IAM Roles alone cannot be used to control access to API Gateway resources.

Therefore, the correct answers are B. IAM Policies, C. Resource Policies, and D. IAM Roles. IAM policies are used to grant or deny access to API Gateway resources based on the permissions defined in the policy. Resource policies can be used to control who can access the resources within API Gateway. IAM Roles can be used to allow an AWS service, such as API Gateway, to assume a role that grants it access to other AWS resources. Together, these three options can help ensure that control is established on who can access the various resources within the API Gateway.

...
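An added example, not part of the original answer or of AWS's own code: a simplified model of how an identity policy built from the template above is matched against one method call, showing that an explicit Deny overrides an Allow and that anything unmatched is implicitly denied. The region, account ID, API ID, stage and paths are constructed placeholders, and the evaluator ignores principals, conditions, resource policies and the case-insensitivity of real action matching.

```python
import re

# Constructed sample policy following the template's layout; every
# identifier in the ARNs is a placeholder, not a value from the page.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["execute-api:Invoke"],
         "Resource": ["arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/prod/GET/pets/*"]},
        {"Effect": "Deny", "Action": ["execute-api:Invoke"],
         "Resource": ["arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/prod/*/pets/admin"]},
    ],
}

def invoke_arn(region, account_id, api_id, stage, verb, path):
    """Build the execute-api ARN for one method call, per the template's layout."""
    return f"arn:aws:execute-api:{region}:{account_id}:{api_id}/{stage}/{verb}/{path.lstrip('/')}"

def _matches(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision

def check(verb, path):
    """Evaluate one call against POLICY using the placeholder API identifiers."""
    arn = invoke_arn("us-east-1", "111122223333", "a1b2c3d4e5", "prod", verb, path)
    return evaluate(POLICY, "execute-api:Invoke", arn)

if __name__ == "__main__":
    for verb, path in [("GET", "/pets/42"), ("POST", "/pets/42"), ("GET", "/pets/admin")]:
        print(verb, path, "->", check(verb, path))
```

The `GET /pets/admin` case is the one to watch when reviewing policies: the broad `pets/*` Allow covers it, so only the explicit Deny keeps it closed.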