Security Considerations for Serverless Application with Lambda Proxy Integration in API Gateway | SAP-C01 Exam


Question

Your company is developing a Serverless application with Lambda Proxy Integration in API Gateway.

Caching is also used for the Rest APIs.

Your company is worried about the security of the APIs.

Which of the following security considerations should you NOT recommend for your application? (Select TWO).

Answers

A. Suggest setting up API and user activity logging with AWS CloudTrail.
B. Suggest setting up AWS Inspector to perform security assessments on the Rest APIs.
C. Suggest creating private Rest APIs and using CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs.
D. Use IAM policies to implement least privilege access for creating, reading, updating, or deleting Rest APIs in API Gateway.
E. Suggest using JSON Web Tokens (JWTs) for encrypting cache.

Explanations

Answer: B and E.

Option A is incorrect (it is a recommended consideration) because CloudTrail logs user and API activity.

Option B is correct (it should NOT be recommended) because AWS Inspector assesses EC2 workloads and cannot be used to inspect API Gateway.

Option C is incorrect (it is a recommended consideration) because creating private Rest APIs and using CloudWatch Logs or Amazon Kinesis Data Firehose provides request logging and restricts access.

Option D is incorrect (it is a recommended consideration) because implementing least privilege is the right security strategy.

Option E is correct (it should NOT be recommended) because JWTs are used for restricting client access to your APIs and cannot be used to encrypt the cache.

Reference:

https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/security.html
https://d1.awsstatic.com/whitepapers/AWS_Serverless_Multi-Tier_Architectures.pdf

The following explains each of the security considerations listed above for a Serverless application with Lambda Proxy Integration in API Gateway.

A. Suggest setting up API and user activity logging with AWS CloudTrail: API and user activity logging with AWS CloudTrail is a recommended security consideration for any AWS application. CloudTrail provides a history of API calls made to AWS services, which can be used for auditing, compliance, and troubleshooting purposes. It helps to detect unauthorized access, changes to resources, and any other suspicious activity in your AWS account. Therefore, this is a recommended security consideration for your application.

B. Suggest setting up AWS Inspector to perform security assessments on the Rest APIs: AWS Inspector is a security assessment service that helps you improve the security and compliance of your applications running on AWS. It automatically assesses applications for vulnerabilities and generates findings that include detailed remediation steps. However, as the answer key above notes, Inspector assesses EC2 workloads and cannot be used to assess API Gateway Rest APIs. Therefore, setting up AWS Inspector to perform security assessments on the Rest APIs is not a recommended security consideration for your application.

C. Suggest creating private Rest APIs and using CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs: Creating private Rest APIs and using CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs is also a recommended security consideration for your application. This helps to restrict access to your APIs to only authorized users or applications and provides visibility into who is accessing the APIs and when. It helps you to identify and investigate any suspicious activities, and also provides you with a trail of events that can be used for auditing purposes.

D. Use IAM policies to implement least privilege access for creating, reading, updating, or deleting Rest APIs in API Gateway: Using IAM policies to implement least privilege access for creating, reading, updating, or deleting Rest APIs in API Gateway is a recommended security consideration for your application. It helps you to enforce the principle of least privilege and ensures that only authorized users or applications can make changes to your APIs. It also helps to reduce the risk of accidental or intentional misconfiguration or deletion of your APIs.

E. Suggest using JSON Web Tokens (JWTs) for encrypting cache: JSON Web Tokens (JWTs) are a compact, signed token format for transmitting claims between parties. They are commonly used for authentication and authorization purposes, but they are not used for encrypting a cache. Therefore, this is not a recommended security consideration for your application.

In summary, the security considerations that you should NOT recommend for your application are:

  • Setting up AWS Inspector to perform security assessments on the Rest APIs.
  • Using JSON Web Tokens (JWTs) for encrypting cache.

All the other security considerations mentioned above are recommended for a Serverless application with Lambda Proxy Integration in API Gateway.
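As an added configuration example (not from the original page or any AWS sample), the CloudFormation fragment below puts options C, D and E into practice: a private Rest API restricted to one VPC endpoint, request logging to CloudWatch Logs, a stage cache encrypted through the stage's own method settings rather than through JWTs, and an IAM policy scoped to that single API. The resource names, the `vpce-...` id and the log group ARN are hypothetical placeholders, and the `ApiDeployment` resource is assumed to exist elsewhere in the template.

```yaml
# Added example with placeholder identifiers; not the page's or AWS's own template.
Resources:
  SecureApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: orders-api                        # hypothetical API name
      EndpointConfiguration:
        Types: [PRIVATE]                      # option C: private Rest API
        VpcEndpointIds: [vpce-PLACEHOLDER]    # placeholder execute-api VPC endpoint
      Policy:                                 # only callers via that endpoint may invoke
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringEquals:
                aws:SourceVpce: vpce-PLACEHOLDER

  ProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref SecureApi
      DeploymentId: !Ref ApiDeployment        # assumed to be defined elsewhere
      StageName: prod
      CacheClusterEnabled: true
      CacheClusterSize: "0.5"
      MethodSettings:
        - ResourcePath: /*
          HttpMethod: "*"
          CachingEnabled: true
          CacheDataEncrypted: true            # option E: cache encryption is a stage setting, not a JWT
          LoggingLevel: INFO
      AccessLogSetting:                       # option C: per-request access logs to CloudWatch Logs
        DestinationArn: arn:aws:logs:REGION:ACCOUNT_ID:log-group:/apigw/orders-api  # placeholder ARN
        Format: '$context.identity.sourceIp $context.requestId $context.httpMethod $context.resourcePath $context.status'

  ApiAdminPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:                         # option D: least privilege, limited to this one API
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: [apigateway:GET, apigateway:PATCH]
            Resource: !Sub arn:aws:apigateway:${AWS::Region}::/restapis/${SecureApi}/*
```

The `LoggingLevel` setting assumes the account-level CloudWatch Logs role for API Gateway has already been configured, and the log group named in `DestinationArn` must exist before the stage is created.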