Which solution will meet these requirements MOST cost-effectively?
Provision a public SSL/TLS certificate through AWS Certificate Manager (ACM). Configure the new certificate on the HTTPS listener for the ALB.
Use AWS Certificate Manager Private Certificate Authority to issue an SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
Create a self-signed certificate on one of the EC2 instances in the Auto Scaling group. Export the certificate, and configure it on the HTTPS listener for the ALB.
Deploy an EC2-hosted certificate authority (CA). Import a trusted root certificate. Issue a new SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
Explanations:
AWS Certificate Manager (ACM) provides free public SSL/TLS certificates, which can be directly integrated with the Application Load Balancer. This option is the most cost-effective and efficient solution for securing the web application.
AWS Certificate Manager Private Certificate Authority (ACM PCA) is intended for private certificates and has an associated cost. Public SSL certificates are not issued by ACM PCA, making this option unsuitable and more expensive.
Self-signed certificates are not trusted by browsers, which would result in security warnings for end users. Public-facing applications need publicly trusted certificates, so this option does not meet the requirements.
Deploying an EC2-hosted certificate authority (CA) to issue SSL certificates is complex, requires additional maintenance, and incurs higher costs. Publicly trusted certificates are obtained more cost-effectively through ACM, making this option inefficient.