AWS Certified Solutions Architect – Associate (SAA-C03) — Question 875
A company hosts an application on AWS. The application gives users the ability to upload photos and store the photos in an Amazon S3 bucket. The company wants to use Amazon CloudFront and a custom domain name to upload the photo files to the S3 bucket in the eu-west-1 Region.
Which solution will meet these requirements? (Choose two.)
Answer options
- A. Use AWS Certificate Manager (ACM) to create a public certificate in the us-east-1 Region. Use the certificate in CloudFront.
- B. Use AWS Certificate Manager (ACM) to create a public certificate in eu-west-1. Use the certificate in CloudFront.
- C. Configure Amazon S3 to allow uploads from CloudFront. Configure S3 Transfer Acceleration.
- D. Configure Amazon S3 to allow uploads from CloudFront origin access control (OAC).
- E. Configure Amazon S3 to allow uploads from CloudFront. Configure an Amazon S3 website endpoint.
Correct answer: A, D
Explanation
To use a custom SSL certificate with Amazon CloudFront, the certificate must be provisioned in AWS Certificate Manager (ACM) in the us-east-1 Region; ACM certificates created in other Regions, such as eu-west-1, cannot be used with CloudFront. To securely allow CloudFront to upload files to the destination Amazon S3 bucket, Amazon S3 must be configured to allow uploads via CloudFront origin access control (OAC). S3 website endpoints do not support POST/PUT operations.