AWS Certified Developer – Associate — Question 414

A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?

Answer options

• A. Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.
• B. Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.
• C. Recreate the CloudFront distribution in the same Region as the certificate.
• D. Specify the ACM certificate name as the default root object of the CloudFront distribution.

Correct answer: B

Explanation

The correct answer is B because CloudFront requires ACM certificates to be created in the us-east-1 Region for use with custom domains. Since the application is in eu-west-1, the certificate must also be in the same region to be recognized by CloudFront. Options A, C, and D do not address the requirement of the certificate's region, which is why they are incorrect.