Certificate Installation for ELB in AWS Cloud Infrastructure


Question

A global IT firm is planning to host an intranet HR web application on EC2 instances behind ELB.

This HR application has multiple domains & will be accessed from their regional offices spread across the globe.

To reduce latency & enhance performance, they are planning to deploy this web application in the respective AWS regions.

At all these locations, ELB will be deployed to provide high availability across multiple EC2 instances.

The IT team has purchased SSL/TLS certificates from a third-party vendor for existing web applications, which they want to reuse while deploying applications in AWS cloud infrastructure.

The IT head is concerned about reusing these certificates and about managing their expiration.

Which of the following is true with regards to certificate installation for ELB in the above case?

Answers

Explanations


A. B. C. D.

Correct Answer - B.

With ACM, SSL/TLS certificates issued by a third-party vendor can be imported.

ACM certificates are regional resources, so the certificate needs to be imported in each region where ELB is deployed.

Also, for imported certificates, ACM does not manage expiration; this needs to be taken care of by the customer.

Option A is incorrect as ACM does not manage the renewal of imported certificates; renewal needs to be managed by the customer.

Option C is incorrect as the certificate needs to be imported in the US East Region only if it is to be used with Amazon CloudFront.

For ELB, the certificate needs to be imported in each region where ELB is deployed.

Option D is incorrect as the certificate needs to be imported in the US East Region only if it is to be used with Amazon CloudFront.

Also, for imported certificates, ACM does not manage certificate renewals.

For more information on importing certificates with ACM, refer to the following URL.

https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
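Because imported certificates are regional and ACM does not renew them, the customer has to check every ELB region for a missing or soon-to-expire copy. The following is an added example, not part of the original page: it audits records shaped like the `Certificate` object of ACM's DescribeCertificate response; the regions, ARNs, domain, dates and the 30-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: per-region lists shaped like the "Certificate"
# object from ACM DescribeCertificate. ARNs, domains and dates are placeholders.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ARN = "arn:aws:acm:{}:111122223333:certificate/example-{}"
CERTS_BY_REGION = {
    "us-east-1": [{"CertificateArn": ARN.format("us-east-1", 1),
                   "DomainName": "hr.example.com", "Type": "IMPORTED",
                   "NotAfter": NOW + timedelta(days=200)}],
    "eu-west-1": [{"CertificateArn": ARN.format("eu-west-1", 2),
                   "DomainName": "hr.example.com", "Type": "IMPORTED",
                   "NotAfter": NOW + timedelta(days=20)}],
    # The certificate was never imported here; only an unrelated one exists.
    "ap-south-1": [{"CertificateArn": ARN.format("ap-south-1", 3),
                    "DomainName": "other.example.com", "Type": "AMAZON_ISSUED",
                    "NotAfter": NOW + timedelta(days=10)}],
}
ELB_REGIONS = ["us-east-1", "eu-west-1", "ap-south-1"]


def audit(certs_by_region, elb_regions, domains, now, warn_days=30):
    """Return (region, domain, status, days_left) for every problem found.

    MISSING  - no certificate for the domain in a region that runs an ELB
    EXPIRED  - imported certificate already past NotAfter
    EXPIRING - imported certificate within warn_days of NotAfter
    """
    findings = []
    for region in elb_regions:
        for domain in domains:
            matches = [c for c in certs_by_region.get(region, [])
                       if c["DomainName"] == domain]
            if not matches:
                findings.append((region, domain, "MISSING", None))
                continue
            for cert in matches:
                if cert["Type"] != "IMPORTED":
                    continue  # only imported certificates need customer renewal
                days_left = (cert["NotAfter"] - now).days
                if days_left < 0:
                    findings.append((region, domain, "EXPIRED", days_left))
                elif days_left <= warn_days:
                    findings.append((region, domain, "EXPIRING", days_left))
    return findings


if __name__ == "__main__":
    for finding in audit(CERTS_BY_REGION, ELB_REGIONS, ["hr.example.com"], NOW):
        print(finding)
```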

In this scenario, the global IT firm is planning to host an intranet HR web application on EC2 instances behind ELB in multiple AWS regions. The IT team has already purchased SSL/TLS certificates from a third-party vendor for existing web applications and wants to reuse them while deploying the applications in the AWS cloud infrastructure.

To use the SSL/TLS certificates with the ELB in each region, the certificates must be imported into AWS. AWS provides two options for importing certificates: AWS Certificate Manager (ACM) and AWS Identity and Access Management (IAM).

Option A states that the certificate needs to be imported in each region where ELB is deployed, and ACM will be performing the renewal of certificates. This option is the most appropriate one as it provides high availability and reduces latency for the HR web application in different AWS regions. ACM is a managed service provided by AWS that helps in deploying and managing SSL/TLS certificates for AWS services. ACM automates the renewal of the certificates, and the IT team does not have to worry about managing the expiration of the certificates.

Option B states that the certificate needs to be imported in each region where ELB is deployed, and ACM will not perform the renewal of certificates. This option is incorrect as it does not provide any automated mechanism for certificate renewal. The IT team will have to manually renew the certificates before they expire, which can be a cumbersome task.

Option C states that the certificate needs to be imported into the US East Region and used for all ELBs in different regions, while ACM will not perform the renewal of certificates. This option is also incorrect as it does not provide high availability or reduce latency for the HR web application in different AWS regions.

Option D states that the certificate needs to be imported into the US East Region and used for all ELBs in different regions, while ACM will be performing the renewal of certificates. This option is incorrect as it does not provide high availability or reduce latency for the HR web application in different AWS regions.

Therefore, the correct answer is option A: The certificate needs to be imported in each region where ELB is deployed, and ACM will be performing the renewal of certificates.