AWS Certified Solutions Architect – Associate (SAA-C03) — Question 562
A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company's website. The company wants to automate the creation and renewal of the TLS certificates.
Which solution will meet these requirements with the MOST operational efficiency?
Answer options
- A. Use a CloudFront security policy to create a certificate.
- B. Use a CloudFront origin access control (OAC) to create a certificate.
- C. Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
- D. Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.
Correct answer: C
Explanation
AWS Certificate Manager (ACM) handles the automated creation and renewal of TLS certificates. When using DNS validation, ACM can automatically renew certificates before they expire without any manual intervention, whereas email validation requires manual action for renewal. CloudFront security policies and origin access control (OAC) are not designed to generate TLS certificates.