What should the developer do to fix this problem?

By:
On:
In: DVA-C01
Tagged:
With: 0 Comments
A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit.The application is running in the eu-west-1Region.The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.

What should the developer do to fix this problem?

Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

Recreate the CloudFront distribution in the same Region as the certificate.

Specify the ACM certificate name as the default root object of the CloudFront distribution.

Explanations:

CloudFront requires the ACM certificate to be in the US East (N. Virginia) region (us-east-1), not eu-west-1.

CloudFront can only use ACM certificates from the US East (N. Virginia) region (us-east-1), so the certificate must be created there.

The issue is related to ACM certificate region compatibility with CloudFront, not the CloudFront distribution region.

The ACM certificate is not specified as the default root object of CloudFront. The certificate is applied for encryption in transit, not as a root object.

Leave a Reply

Your email address will not be published. Required fields are marked *

15 + 7 =