Deploying Certificates for Securing a Web Application on Amazon EC2 with ELB - AWS Certified Advanced Networking - Specialty Exam

Automated Certificate Installation for Securing Web Applications on Amazon EC2 with ELB


Question

A pharma company is deploying a new web application on Amazon EC2 instances launched in multiple AZs.

This web application will be accessed by third-party vendors for the latest medical drug formulation information.

ELB will be configured to load balance traffic across multiple EC2 instances.

To enhance security between clients & EC2 instances, the IT Team has decided to create certificates for this application.

Which of the following is an automated way to install certificates for securing this web application?

Answers

Explanations

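A. Install ACM certificates on ELB for web application specifying algorithm & key size for the certificate.

B. Install ACM certificates on an EC2 instance for web application specifying algorithm & key size for the certificate.

C. Install ACM certificates on ELB for web applications specifying an algorithm for the certificate.

D. Install ACM certificates on an EC2 instance for web application specifying an algorithm for the certificate.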

Correct Answer - A.

ACM Certificates cannot be directly added to web applications deployed on Amazon EC2 instances.

They need to be added through the integrated services, which are Elastic Load Balancing, Amazon CloudFront, AWS Elastic Beanstalk, Amazon API Gateway or AWS CloudFormation.

Also, while installing an ACM certificate, the algorithm & key size must be specified.

Options B & D are incorrect as ACM cannot be directly installed on the EC2 instance.

They need to be used along with other integrated services.

Option C is incorrect as, while specifying an ACM certificate, the algorithm & key size must be specified.

For more information on the public certificate provided by ACM, refer to the following URL.

https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html

The best option to secure the web application using SSL/TLS certificates is to use AWS Certificate Manager (ACM) for managing and installing the certificates automatically. The certificate ensures secure communication between the clients and the EC2 instances.

In this case, the IT team can install ACM certificates on the Elastic Load Balancer (ELB) that is configured to load balance traffic across multiple EC2 instances. This allows the ELB to terminate SSL/TLS connections and decrypt the traffic before forwarding it to the backend EC2 instances. By doing so, the clients need not establish SSL/TLS connections directly with the backend EC2 instances, which enhances security.

Option A: Install ACM certificates on ELB for web application specifying algorithm & key size for the certificate. This option is the best choice. The IT team can install the ACM certificates on the ELB, which can terminate the SSL/TLS connections and decrypt the traffic before forwarding it to the backend EC2 instances. The certificate can be specified with the algorithm and key size required for the application.

Option B: Install ACM certificates on an EC2 instance for web application specifying algorithm & key size for the certificate. This option is not recommended as it requires the IT team to install and manage the certificates on each EC2 instance, which can be challenging and time-consuming. It also does not provide the same level of security as terminating SSL/TLS connections at the ELB.

Option C: Install ACM certificates on ELB for web applications specifying an algorithm for the certificate. This option is not as specific as Option A as it only requires specifying the algorithm and does not include the key size. The key size is an important parameter that affects the security of the SSL/TLS connections.

Option D: Install ACM certificates on an EC2 instance for web application specifying an algorithm for the certificate. This option is the same as Option B and is not recommended for the same reasons mentioned above.

In conclusion, Option A is the best choice as it allows the ELB to terminate the SSL/TLS connections and decrypt the traffic before forwarding it to the backend EC2 instances, and it provides the necessary security for the web application.
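To check that a deployment matches the explanation above (ACM certificate on the load balancer, with an explicit algorithm and key size), the following added example, which is not part of the original page, audits data shaped like the output of `aws elbv2 describe-listeners` and `aws acm describe-certificate`. The allowed-algorithm policy, the ARNs and the sample records are constructed assumptions.

```python
# Added example: audit data shaped like `aws elbv2 describe-listeners` and
# `aws acm describe-certificate` output. All ARNs and values are constructed.
ALLOWED_KEY_ALGORITHMS = {"RSA_2048", "EC_prime256v1", "EC_secp384r1"}  # assumed policy

def audit_listeners(listeners, certificates):
    """Return (listener_arn, finding) tuples; an empty list means compliant."""
    findings = []
    for listener in listeners:
        arn = listener["ListenerArn"]
        if listener["Protocol"] not in ("HTTPS", "TLS"):
            findings.append((arn, "plaintext listener, no certificate in use"))
            continue
        refs = listener.get("Certificates", [])
        if not refs:
            findings.append((arn, "no certificate attached"))
        for ref in refs:
            cert_arn = ref["CertificateArn"]
            if cert_arn.split(":")[2] != "acm":  # third ARN field is the service
                findings.append((arn, "certificate is not managed by ACM"))
                continue
            cert = certificates.get(cert_arn)
            if cert is None:
                findings.append((arn, "ACM certificate details not available"))
                continue
            # Normalise hyphen/underscore spellings, e.g. "RSA-2048" vs "RSA_2048".
            algorithm = cert["KeyAlgorithm"].replace("-", "_")
            if algorithm not in ALLOWED_KEY_ALGORITHMS:
                findings.append((arn, f"key algorithm {algorithm} not allowed"))
            if cert["Status"] != "ISSUED":
                findings.append((arn, f"certificate status is {cert['Status']}"))
    return findings

_LB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/web/0000/"
_ACM = "arn:aws:acm:us-east-1:111122223333:certificate/"
SAMPLE_CERTIFICATES = {  # constructed
    _ACM + "good": {"KeyAlgorithm": "RSA-2048", "Status": "ISSUED"},
    _ACM + "weak": {"KeyAlgorithm": "RSA-1024", "Status": "ISSUED"},
}
SAMPLE_LISTENERS = [  # constructed
    {"ListenerArn": _LB + "a", "Protocol": "HTTPS", "Port": 443,
     "Certificates": [{"CertificateArn": _ACM + "good"}]},
    {"ListenerArn": _LB + "b", "Protocol": "HTTPS", "Port": 8443,
     "Certificates": [{"CertificateArn": _ACM + "weak"}]},
    {"ListenerArn": _LB + "c", "Protocol": "HTTPS", "Port": 9443, "Certificates": [
        {"CertificateArn": "arn:aws:iam::111122223333:server-certificate/legacy"}]},
    {"ListenerArn": _LB + "d", "Protocol": "HTTP", "Port": 80},
]

if __name__ == "__main__":
    for listener_arn, finding in audit_listeners(SAMPLE_LISTENERS, SAMPLE_CERTIFICATES):
        print(listener_arn, "->", finding)
```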