Which solution will meet these requirements with the MOST operational efficiency?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A company uses an Amazon CloudFront distribution to serve content pages for its website.The company needs to ensure that clients use a TLS certificate when accessing the company’s website.The company wants to automate the creation and renewal of the TLS certificates.

Which solution will meet these requirements with the MOST operational efficiency?

Use a CloudFront security policy to create a certificate.

Use a CloudFront origin access control (OAC) to create a certificate.

Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.

Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.

Explanations:

CloudFront security policies do not create certificates; they manage settings for HTTPS and security configurations. Certificates must be managed through AWS Certificate Manager (ACM) or uploaded directly.

CloudFront origin access control (OAC) is used to manage access to the origin, not for creating or managing TLS certificates. This option does not relate to the automation of certificate creation or renewal.

AWS Certificate Manager (ACM) allows for the automated creation and renewal of TLS certificates. Using DNS validation simplifies the process, as it can be automated and does not require manual intervention, aligning with operational efficiency.

While AWS Certificate Manager (ACM) does allow for automated certificate creation, email validation requires manual approval through email communication, which is less efficient and introduces potential delays compared to DNS validation.

2025-10-23

1 Comment

  1. Robert
    Author

    In my experience, the answer is:
    Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 − 7 =