Monitor HTTPS Traffic to CloudFront Setup

Answer - C.

The AWS documentation mentions the following.

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer.

For more information on AWS WAF please refer to the below URL:

The correct answer to this question is B. AWS Cloudfront logs.

AWS Cloudfront is a content delivery network (CDN) service provided by Amazon Web Services (AWS) that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. It has the ability to distribute content from multiple locations, which improves performance and reduces latency.

When you enable logging for your Cloudfront distribution, logs are generated for every request that is made to your Cloudfront distribution. These logs are stored in Amazon S3 buckets, and you can use services such as Amazon Athena, Amazon EMR, or AWS Glue to analyze the logs.

In this case, since the requirement is to monitor HTTPS traffic directed to the Cloudfront setup, enabling logging for the Cloudfront distribution will capture information about all requests that are made, including those made over HTTPS. This information can be used for troubleshooting and monitoring purposes.

AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. It does not provide monitoring capabilities for Cloudfront traffic.

AWS WAF (Web Application Firewall) is a security service that provides protection against common web exploits and vulnerabilities. While it can be used to monitor and filter traffic to Cloudfront, it does not provide detailed logging capabilities.

AWS CloudWatch is a monitoring service that provides data and insights into AWS resources, applications, and services. While it can be used to monitor Cloudfront traffic, it does not provide specific logging capabilities for Cloudfront traffic.