Which combination of steps should the developer take to meet these requirements?
(Choose two.)
Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in IAM server certificates.
Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in AWS Certificate Manager (ACM).
Add the www.example.com certificate to the HTTP listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.
Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in Route 53.
Create an HTTPS listener in the ALB. Add the www.example.com certificate to the listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.
Explanations:
Requesting the TLS/SSL certificate in IAM server certificates is not recommended for public applications; AWS Certificate Manager (ACM) is the proper service to use for managing TLS/SSL certificates for use with ALBs.
Configuring an A record in Route 53 with the ALB as the target and requesting thewww.example.comTLS/SSL certificate in AWS Certificate Manager (ACM) is the appropriate way to secure the application and associate the domain with the ALB.
While it is necessary to associate the TLS/SSL certificate with the ALB’s listener, this option incorrectly states that the certificate should be added to the HTTP listener instead of the HTTPS listener, which is required for secure traffic.
Route 53 does not issue TLS/SSL certificates. The correct approach is to request the certificate from AWS Certificate Manager (ACM), not Route 53.
Creating an HTTPS listener in the ALB and adding thewww.example.comcertificate to the listener, along with a rule to forward traffic to the target group, is a correct and secure way to manage TLS/SSL for the application.