How should the developer configure the custom domain for the application?
Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.
Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.
Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.
Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.
Explanations:
The SSL/TLS certificate must be imported into AWS Certificate Manager (ACM) in the us-east-1 Region when using a custom domain with Amazon API Gateway and CloudFront, as API Gateway requires the certificate in that region, even if the API is in us-east-2. Creating a DNS A record is not appropriate for a CloudFront distribution; a CNAME record should be used.
Importing the SSL/TLS certificate directly into CloudFront is not the correct procedure for using a third-party certificate. Certificates must be in ACM to be associated with CloudFront distributions, and using a DNS CNAME record is correct, but the certificate handling is not properly addressed here.
The certificate must be imported into ACM in the us-east-1 Region, not us-east-2, when setting up a custom domain for an API Gateway in combination with CloudFront. Although creating a DNS CNAME record is correct, the location of the ACM certificate is incorrect.
The SSL/TLS certificate should be imported into ACM in the us-east-1 Region, which is required for API Gateway and CloudFront integrations. Additionally, creating a DNS CNAME record for the custom domain is the correct approach for routing traffic to the CloudFront distribution associated with the API.
I draft that the answer is:
Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.