AWS Certified Data Engineer – Associate (DEA-C01) — Question 175
A company hosts its applications on Amazon EC2 instances. The company must use SSL/TLS connections that encrypt data in transit to communicate securely with AWS infrastructure that is managed by a customer.
A data engineer needs to implement a solution to simplify the generation, distribution, and rotation of digital certificates. The solution must automatically renew and deploy SSL/TLS certificates.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Store self-managed certificates on the EC2 instances.
- B. Use AWS Certificate Manager (ACM).
- C. Implement custom automation scripts in AWS Secrets Manager.
- D. Use Amazon Elastic Container Service (Amazon ECS) Service Connect.
Correct answer: B
Explanation
AWS Certificate Manager (ACM) is designed to handle the provisioning, management, and renewal of SSL/TLS certificates with minimal operational effort, which makes it the option with the least operational overhead. Self-managed certificates on the EC2 instances require manual handling, and custom automation scripts add complexity and maintenance overhead. Amazon ECS Service Connect does not pertain to certificate management.