Which combination of steps should the company take to meet this requirement?
(Choose three.)
Update the CloudFront distribution, configuring it to optionally use HTTPS when connecting to origins on Amazon S3.
Update the web application configuration on the web servers to use HTTPS instead of HTTPS when connecting to DynamoDB.
Update the CloudFront distribution to redirect HTTP connections to HTTPS.
Configure the web servers on the EC2 instances to listen using HTTPS using the public ACM TLS certificate. Update the ALB to connect to the target group using HTTPS.
Update the ALB listener to listen using HTTPS using the public ACM TLS certificate. Update the CloudFront distribution to connect to the HTTPS listener.
Create a TLS certificate. Configure the web servers on the EC2 instances to use HTTPS only with that certificate. Update the ALB to connect to the target group using HTTPS.
Explanations:
Enabling optional HTTPS between CloudFront and S3 does not enforce end-to-end encryption in transit.
This option mentions “HTTPS instead of HTTPS,” which is incorrect and does not address end-to-end encryption.
Redirecting HTTP to HTTPS at CloudFront ensures that all user connections to CloudFront are encrypted.
Using the public ACM certificate directly on EC2 is not recommended; ALB should handle HTTPS termination.
Configuring the ALB listener with HTTPS and updating CloudFront to connect over HTTPS meets encryption needs.
Configuring EC2 instances to use HTTPS-only ensures encryption between ALB and EC2, meeting end-to-end needs.
In my experience, the answer is:
Update the CloudFront distribution to redirect HTTP connections to HTTPS.