AWS ACM Readiness for ap-south-1 Region

Implementing SSL Termination with AWS ACM in ap-south-1 Region

Question

A start-up firm has installed a web application on multiple Amazon EC2 instances behind an Application load balancer in the us-west-1 region.

SSL termination is done on ALB integrated with AWS ACM (AWS Certificate Manager) for SSL certificate provisioning and maintenance.

The same setup is planned to be implemented in the ap-south-1 region.

You are engaged for AWS ACM readiness in this region. Which AWS ACM setting will satisfy this requirement?

Answers

Explanations

A. B. C. D.

Correct Answer: A.

AWS ACM certificates are regional resources.

To use these certificates in a multi-region setup, a certificate needs to be provisioned in each region where the application is deployed.

In the above case, a new certificate needs to be issued in the ap-south-1 region.

Option B is incorrect as AWS ACM SSL certificates cannot be copied between regions.

Option C is incorrect because AWS ACM is a regional service; an SSL certificate in the us-west-1 region cannot be used for a web application in the ap-south-1 region.

Option D is incorrect because AWS ACM is a regional service; an AWS ACM certificate in the us-west-1 region cannot be used for a web application in the ap-south-1 region.

For more information on AWS ACM, refer to the following URL:

https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html

The best option to satisfy the requirement of SSL termination on the ALB in the ap-south-1 region would be to create a new AWS ACM certificate in the ap-south-1 region and provision a new SSL certificate, which is Option A.

Explanation:

AWS ACM (AWS Certificate Manager) is a service that provides SSL/TLS certificates for websites and applications hosted on AWS. When a user requests a web application hosted on EC2 instances, the request is routed through an Application Load Balancer (ALB). The ALB terminates the SSL connection, using the certificate from ACM, and then forwards the request to the EC2 instances. This secures the connection between the user and the load balancer.

In this case, the start-up firm has already installed a web application on multiple EC2 instances behind an ALB in the us-west-1 region, and SSL termination is done on ALB integrated with AWS ACM for SSL certificate provisioning and maintenance. The same setup is planned to be implemented in the ap-south-1 region.

Option A, creating an AWS ACM certificate in the ap-south-1 region and provisioning a new SSL certificate, is the best option because ACM certificates are regional resources: the ALB in ap-south-1 needs a certificate that exists in the ap-south-1 region. It also means the certificate is managed and maintained separately from the certificate used in the us-west-1 region.

Option B, copying the SSL certificate from the us-west-1 region to the ap-south-1 region, does not work because AWS ACM certificates cannot be copied between regions. The certificate has to be requested again in ap-south-1.

Option C, creating another SSL certificate in AWS ACM of us-west-1 region and using it for the web application in the ap-south-1 region, does not work because a certificate created in us-west-1 is only available in us-west-1 and cannot be used in a different region.

Option D, creating a new ACM certificate in the us-west-1 region and using the SSL certificate from the us-west-1 region for the web application in the ap-south-1 region, does not work because the certificate would still reside in us-west-1, so it does not satisfy the requirement of SSL termination in the ap-south-1 region.
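The regional rule above can be checked before a multi-region rollout by comparing the region field of each planned certificate ARN with the region of the load balancer it is meant for. The following is an added example, not part of the original page; the function names, account ID, and ARNs are constructed, and the dictionary keys are assumed to mirror the shape of ALB listener descriptions.

```python
"""Flag planned ALB listeners that reference an ACM certificate from another region."""
from typing import NamedTuple


class Arn(NamedTuple):
    service: str
    region: str
    resource: str


def parse_arn(arn: str) -> Arn:
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return Arn(service=parts[2], region=parts[3], resource=parts[5])


def cross_region_certificates(listeners):
    """Return one finding per ACM certificate whose region differs from its ALB's."""
    findings = []
    for listener in listeners:
        alb = parse_arn(listener["LoadBalancerArn"])
        for entry in listener.get("Certificates", []):
            cert = parse_arn(entry["CertificateArn"])
            if cert.service != "acm":
                continue  # IAM server certificates carry no region field
            if cert.region != alb.region:
                findings.append({"load_balancer": alb.resource,
                                 "alb_region": alb.region,
                                 "cert_region": cert.region})
    return findings


# Constructed sample plan: the ap-south-1 listener wrongly reuses the us-west-1 certificate.
_CERT_USW1 = "arn:aws:acm:us-west-1:111122223333:certificate/00000000-0000-0000-0000-000000000001"
SAMPLE_LISTENERS = [
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-1:111122223333:"
                        "loadbalancer/app/web-usw1/0000000000000001",
     "Certificates": [{"CertificateArn": _CERT_USW1}]},
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:ap-south-1:111122223333:"
                        "loadbalancer/app/web-aps1/0000000000000002",
     "Certificates": [{"CertificateArn": _CERT_USW1}]},
]

if __name__ == "__main__":
    for f in cross_region_certificates(SAMPLE_LISTENERS):
        print(f"{f['load_balancer']}: ALB in {f['alb_region']}, "
              f"certificate in {f['cert_region']}; request a certificate in {f['alb_region']}")
```
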