What should a solutions architect do to increase the application’s performance?
Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.
Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Explanations:
AWS Certificate Manager (ACM) cannot be used directly on EC2 instances. ACM is meant to simplify SSL management with load balancers, not for direct installation on instances. Using ACM requires integration with an Application Load Balancer (ALB) or API Gateway.
Amazon S3 is not a valid service for hosting or managing SSL certificates. SSL termination must occur on a compute service (like EC2 or a load balancer), not through an S3 bucket. This option does not address the performance issue.
While creating a proxy server can help with SSL offloading, it introduces additional complexity and does not utilize AWS services optimized for this purpose. This option may also not significantly reduce the load on the existing EC2 instances.
Importing the SSL certificate into ACM and creating an Application Load Balancer (ALB) allows for SSL termination at the load balancer level. This offloads SSL processing from the EC2 instances, improving performance and scalability while providing a managed way to handle SSL certificates.