Which solution will deploy the certificate without incurring any additional costs?
Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-east-1 Region.
Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-west-1 Region.
Request an Amazon issued public certificate from AWS Certificate Manager (ACM) in the us-east-1 Region.
Request an Amazon issued public certificate from AWS Certificate Manager (ACM) in the us-west-1 Region.
Explanations:
Amazon-issued private certificates are only usable within AWS services for private domains and cannot be used for public-facing CloudFront distributions. Therefore, this option would not work for the company’s requirement of a different domain name in a public context.
Similar to Option A, requesting a private certificate from ACM in any region (including us-west-1) will not meet the requirement for a public-facing CloudFront distribution. Private certificates are not designed for public usage.
Requesting an Amazon-issued public certificate from ACM in the us-east-1 region is the correct solution. Public certificates can be used for CloudFront distributions, and us-east-1 is the required region for CloudFront SSL/TLS configurations. This option allows the company to use a different domain name without incurring extra costs.
While a public certificate is suitable for CloudFront, requesting it from the us-west-1 region is incorrect because CloudFront distributions require certificates to be issued in the us-east-1 region. Therefore, this option does not satisfy the requirement.