A developer wants to use an Amazon CloudFront distribution to deliver a web application to users. Users will access the application through the internet.
The developer needs to create an SSL/TLS certificate to use with the CloudFront distribution. The developer wants to minimize operational overhead by ensuring that the certificate is renewed automatically.
Which solution will meet these requirements?
The best answer is to request a public certificate in AWS Certificate Manager (ACM) and validate it with DNS. ACM renews public certificates automatically as long as validation remains in place, which minimizes operational overhead. DNS validation is preferable to email validation because it does not require manual approval emails during renewal workflows. IAM server certificates are legacy-style certificate storage and do not provide the same managed lifecycle experience as ACM. Imported certificates are not automatically renewed by ACM because ACM does not control their issuance lifecycle. For CloudFront, AWS recommends ACM certificates, and certificates used with CloudFront must be requested or imported in the US East (N. Virginia) Region; the key point of the correct option, however, is an ACM public certificate with DNS validation. (AWS Documentation)
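The checks in the explanation above can be expressed as a small audit over certificate metadata. This is an added example, not part of the original question or of AWS tooling: the field names follow the ACM `DescribeCertificate` response, while the function names, ARNs, account ID and domains are constructed for illustration.

```python
# Added example: flag certificates that do not meet the requirements discussed above.
# Records mirror the shape of ACM DescribeCertificate output; all values are constructed.
CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)

def audit_certificate(cert):
    """Return a list of findings; an empty list means the certificate fits."""
    findings = []
    # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    region = cert["CertificateArn"].split(":")[3]
    if region != CLOUDFRONT_REGION:
        findings.append(f"region {region}: CloudFront needs {CLOUDFRONT_REGION}")
    if cert.get("Type") == "IMPORTED":
        findings.append("imported: ACM does not renew it automatically")
    elif cert.get("RenewalEligibility") == "INELIGIBLE":
        findings.append("ACM reports the certificate as ineligible for renewal")
    # Imported certificates may carry no validation options, hence the default.
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") == "EMAIL":
            findings.append(f"{opt['DomainName']}: email validation, "
                            "renewal can require a manual approval email")
    return findings

SAMPLE = [  # constructed sample records
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-dns",
     "Type": "AMAZON_ISSUED", "RenewalEligibility": "ELIGIBLE",
     "DomainValidationOptions": [
         {"DomainName": "app.example.com", "ValidationMethod": "DNS"}]},
    {"CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/example-email",
     "Type": "AMAZON_ISSUED", "RenewalEligibility": "ELIGIBLE",
     "DomainValidationOptions": [
         {"DomainName": "app.example.com", "ValidationMethod": "EMAIL"}]},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-imported",
     "Type": "IMPORTED", "RenewalEligibility": "INELIGIBLE"},
]

def audit_all(certs):
    """Map each certificate ARN to its findings."""
    return {c["CertificateArn"]: audit_certificate(c) for c in certs}

if __name__ == "__main__":
    for arn, findings in audit_all(SAMPLE).items():
        print(arn, "->", findings or "OK")
```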