A Solutions Architect is working on a PCI-compliant architecture that needs to call an external service provider’s API. The external provider requires IP whitelisting to verify the calling party.
How should the Solutions Architect provide the external party with the IP addresses for whitelisting?
A. Use an API Gateway in proxy mode, and provide the API Gateway’s IP address to the external service provider.
B. Associate a public elastic network interface to a published stage/endpoint in API Gateway, exposing the AWS Lambda function, and provide the IP address
for the public network interface to the external party to whitelist.
C. Deploy the Lambda function in private subnets and route outbound traffic through a NAT gateway. Provide the NAT gateway’s Elastic IP address to the external service provider.
D. Provide the external party the allocated AWS IP address range for Lambda functions, and send change notifications by using a subscription to the AmazonIpSpaceChanged SNS topic.