What should the developer do to secure the connection?
Configure the ALB to use the X.509 certificate by using the AWS Management Console.
Configure each EC2 instance to use the same X.509 certificate by using the AWS Management Console.
Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure each EC2 instance to use the same X.509 certificate from the S3 bucket.
Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure the ALB to use the X.509 certificate from the S3 bucket.
Explanations:
The ALB is responsible for terminating the HTTPS connection. The developer can configure the ALB to use the X.509 certificate issued by ACM to secure the connection. This is the best approach, as the certificate management is handled by AWS and no additional configuration is needed on the EC2 instances.
Configuring each EC2 instance with the X.509 certificate is unnecessary and inefficient. The ALB should handle the HTTPS termination, not each EC2 instance. Installing the certificate on every instance adds complexity and does not align with best practices for scaling.
Exporting the root key to an S3 bucket and configuring each EC2 instance to use the certificate is not a secure method. It is also unnecessary, because the ALB is the component responsible for managing the HTTPS connection.
Exporting the root key to an S3 bucket and configuring the ALB to use the certificate from S3 is not required. The ALB can directly integrate with ACM, making this approach redundant and insecure. The root key should not be exposed in this way.