AWS Certified Advanced Networking - Specialty Exam: CloudFront Configuration for HTTPS with S3 as Origin

Configuration of HTTPS for CloudFront with S3 as the Origin


Question

Which of the following is true regarding the configuration of HTTPS for CloudFront with S3 as the origin?

Choose 3 answers from the options given below.

Answers

Explanations


Answer - B, C and D.

The AWS documentation provides the following information.

Note the following about using HTTPS when the origin is an Amazon S3 bucket:

· If your Amazon S3 bucket is configured as a website endpoint, you can't configure CloudFront to use HTTPS to communicate with your origin because Amazon S3 doesn't support HTTPS connections in that configuration.

· Amazon S3 provides the SSL/TLS certificate, so you don't have to.

When your origin is an Amazon S3 bucket, CloudFront always forwards requests to S3 by using the protocol that viewers used to submit the requests.

If you want to require HTTPS for communication between CloudFront and Amazon S3, you must change the value of Viewer Protocol Policy to Redirect HTTP to HTTPS or HTTPS Only.

For more information on using HTTPS with CloudFront and S3 as the origin, please visit the URL below:

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
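The documentation notes above can be turned into a configuration check. The following is an added example, not taken from the AWS documentation or from this page: it assumes a dictionary in the shape of the `DistributionConfig` returned by boto3's `get_distribution_config`, and the bucket names and sample configuration are constructed.

```python
import re

# S3 static-website endpoints: <bucket>.s3-website-<region> or .s3-website.<region>
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
HTTPS_POLICIES = {"redirect-to-https", "https-only"}

def audit_distribution(config):
    """Return (behavior, origin domain, reason) for each cache behavior
    whose S3 origin can be reached over plain HTTP."""
    origins = {o["Id"]: o for o in config["Origins"]["Items"]}
    behaviors = [("Default (*)", config["DefaultCacheBehavior"])]
    behaviors += [(b["PathPattern"], b)
                  for b in config.get("CacheBehaviors", {}).get("Items", [])]
    findings = []
    for label, behavior in behaviors:
        origin = origins[behavior["TargetOriginId"]]
        domain = origin["DomainName"]
        if WEBSITE_ENDPOINT.search(domain):
            # Website endpoints do not accept HTTPS, whatever the viewer policy is.
            findings.append((label, domain, "S3 website endpoint: origin leg is HTTP only"))
        elif "S3OriginConfig" in origin and \
                behavior["ViewerProtocolPolicy"] not in HTTPS_POLICIES:
            # CloudFront forwards to the bucket with the viewer's protocol.
            findings.append((label, domain, "allow-all: HTTP viewer requests reach S3 over HTTP"))
    return findings

# Constructed sample configuration (hypothetical bucket names).
SAMPLE_CONFIG = {
    "Origins": {"Items": [
        {"Id": "assets", "DomainName": "example-assets.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "site",
         "DomainName": "example-site.s3-website-us-east-1.amazonaws.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "assets",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/legacy/*", "TargetOriginId": "assets",
         "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/blog/*", "TargetOriginId": "site",
         "ViewerProtocolPolicy": "https-only"},
    ]},
}

if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG):
        print(" | ".join(finding))
```
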

Sure, I'd be happy to explain the configuration of HTTPS for CloudFront with S3 as the origin.

CloudFront is a content delivery network (CDN) that can securely deliver static and dynamic content using HTTPS. S3, on the other hand, is a scalable object storage service that can store and retrieve any amount of data. When you use CloudFront with S3 as the origin, you can use HTTPS to encrypt the communication between CloudFront and S3. Here are the answers to the question:

A. Even if an S3 bucket is configured as a website endpoint, HTTPS can be used between CloudFront and S3. This statement is true. S3 can be configured as a website endpoint to serve static content over HTTP or HTTPS. When you use CloudFront with S3 as the origin, you can use HTTPS to encrypt the communication between CloudFront and S3 even if your S3 bucket is configured as a website endpoint.

B. CloudFront always forwards requests to S3 by using the protocol that viewers used to submit the requests. This statement is also true. When a viewer makes a request to CloudFront, the request is forwarded to S3 using the same protocol (HTTP or HTTPS) that the viewer used to submit the request. This behavior can be changed by configuring the origin protocol policy in the CloudFront distribution.

C. Amazon S3 provides the SSL/TLS certificate. This statement is not entirely true. CloudFront provides SSL/TLS certificates that can be used to encrypt the communication between viewers and CloudFront. However, when CloudFront communicates with S3, it uses the SSL/TLS certificate that is associated with the S3 bucket.

D. If you want to require HTTPS for communication between CloudFront and Amazon S3, you must change the value of Viewer Protocol Policy to Redirect HTTP to HTTPS or HTTPS Only. This statement is true. The Viewer Protocol Policy setting determines whether CloudFront allows HTTP or HTTPS communication between viewers and CloudFront. If you want to require HTTPS for communication between CloudFront and S3, you must change the Viewer Protocol Policy setting to Redirect HTTP to HTTPS or HTTPS Only. This ensures that all communication between viewers, CloudFront, and S3 is encrypted using HTTPS.

In summary, HTTPS can be used between CloudFront and S3 even if the S3 bucket is configured as a website endpoint. CloudFront always forwards requests to S3 using the same protocol that viewers used to submit the requests. CloudFront provides SSL/TLS certificates for encryption between viewers and CloudFront, while S3 provides the SSL/TLS certificate for encryption between CloudFront and S3. To require HTTPS for communication between CloudFront and S3, you must change the Viewer Protocol Policy setting to Redirect HTTP to HTTPS or HTTPS Only.