AWS Certified Developer – Associate — Question 316

An ecommerce company is launching a new application that will be publicly accessible. The company deployed the application on Amazon EC2 instances behind an Application Load Balancer (ALB) in the us-east-1 Region. The EC2 instances are in an Auto Scaling group.

A developer needs to make the application secure by using TLS/SSL certificates provisioned by AWS. The developer also needs to configure the existing domain www.example.com in Amazon Route 53.

Which combination of steps should the developer take to meet these requirements? (Choose two.)

Answer options

• A. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in IAM server certificates.
• B. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in AWS Certificate Manager (ACM).
• C. Add the www.example.com certificate to the HTTP listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.
• D. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in Route 53.
• E. Create an HTTPS listener in the ALB. Add the www.example.com certificate to the listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.

Correct answer: B, E

Explanation

AWS Certificate Manager (ACM) is the standard service for provisioning and managing TLS/SSL certificates for AWS resources like ALBs, making option B correct. To secure the connection, an HTTPS listener must be configured on the ALB to use the ACM certificate and route traffic to the backend target group, making option E correct.