What solution should a solutions architect do to meet this requirement?
Update the ALB’s network ACL to accept only HTTPS traffic.
Create a rule that replaces the HTTP in the URL with HTTPS.
Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).
Explanations:
Updating the network ACL to accept only HTTPS traffic does not redirect HTTP requests to HTTPS. It would simply block any HTTP traffic, which would result in users being unable to access the site if they use HTTP, rather than redirecting them to the HTTPS version.
Creating a rule that replaces HTTP in the URL with HTTPS is not a valid approach as ALBs do not support URL rewriting in that manner. Redirecting requests from HTTP to HTTPS requires specific redirect rules rather than modifying the URL directly.
Creating a listener rule on the ALB to redirect HTTP traffic to HTTPS is the correct solution. This method allows you to specify a redirect action that automatically forwards any requests received on the HTTP listener to the corresponding HTTPS endpoint, ensuring that all traffic is secured.
Replacing the ALB with a Network Load Balancer (NLB) configured to use Server Name Indication (SNI) is not a suitable solution. While NLBs can handle HTTPS traffic, they do not have built-in capabilities for redirecting HTTP to HTTPS like ALBs do. This option would not meet the requirement for redirecting HTTP requests.