AWS Certified Solutions Architect – Associate (SAA-C02) — Question 795
A company wants its public web application to run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application must use a publicly trusted SSL certificate.
Which solution will meet these requirements MOST cost-effectively?
Answer options
- A. Provision a public SSL/TLS certificate through AWS Certificate Manager (ACM). Configure the new certificate on the HTTPS listener for the ALB.
- B. Use AWS Certificate Manager Private Certificate Authority to issue an SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
- C. Create a self-signed certificate on one of the EC2 instances in the Auto Scaling group. Export the certificate, and configure it on the HTTPS listener for the ALB.
- D. Deploy an EC2-hosted certificate authority (CA). Import a trusted root certificate. Issue a new SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
Correct answer: A
Explanation
AWS Certificate Manager (ACM) provides public SSL/TLS certificates at no additional cost when they are associated with supported AWS resources such as an Application Load Balancer (ALB). Options B and D introduce unnecessary complexity and the high monthly costs of running a private or self-hosted certificate authority (CA). Option C is incorrect because self-signed certificates are not publicly trusted and will trigger security warnings in users' web browsers.