AWS Certified Developer – Associate (DVA-C02) — Question 37

A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.
How should the developer configure the custom domain for the application?

Answer options

• A. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.
• B. Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.
• C. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.
• D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Correct answer: D

Explanation

The correct answer is D because AWS Certificate Manager requires the SSL/TLS certificate to be in the us-east-1 Region for use with CloudFront distributions, irrespective of where the API is hosted. Options A and C are incorrect as they place the certificate in the wrong region, and option B incorrectly suggests importing the certificate into CloudFront directly, which is not how ACM functions.