A WordPress blogging platform is hosted on Amazon EC2 instances.
The EC2 instances are deployed behind an application load balancer to provide high availability.
The security team has mandated that all client requests must be encrypted in transit with HTTPS.
What is the most cost-effective solution to implement this requirement?
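A. Configure Redirect HTTP to HTTPS Viewer Protocol Policy for CloudFront
B. Configure ALB HTTPS Listener and forward the traffic on port 443 to the EC2 instances
C. Configure Custom Domain Name on the Amazon API Gateway
D. Configure HTTPS in the WordPress Settings
Answer: B.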
Option A is incorrect because it would not be the most cost-effective solution as additional costs are associated with creating a CloudFront distribution.
Option B is CORRECT because you can create an HTTPS listener, which uses encrypted connections (also known as SSL offload).
This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions.
The traffic is forwarded on port 443 to EC2 so that the traffic between ELB and EC2 is also encrypted.
Option C is incorrect because it would not be the most cost-effective solution as there would be additional costs associated with deploying an API gateway and configuring a custom domain.
Option D is incorrect because it would not be the most cost-effective solution as there would be additional costs associated with distributing SSL certificates to each backend server.
It also increases the attack surface due to the presence of multiple copies of the certificate.
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/infrastructure-security.html
The correct answer for this question is B: Configure ALB HTTPS Listener and forward the traffic on port 443 to the EC2 instances.
Explanation: The security team has mandated that all client requests must be encrypted in transit with HTTPS. This means that the traffic between the client and the WordPress application should be encrypted with SSL/TLS.
Option A, "Configure Redirect HTTP to HTTPS Viewer Protocol Policy for CloudFront", is incorrect because CloudFront is a content delivery network (CDN) and not a load balancer. While it can redirect HTTP requests to HTTPS, it is not an appropriate solution for load balancing.
Option C, "Configure Custom Domain Name on the Amazon API Gateway", is incorrect because it is not related to load balancing. Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
Option D, "Configure HTTPS in the WordPress Settings", is incorrect because this would only encrypt the traffic between the WordPress application and the database, not between the client and the application.
Therefore, the best option for implementing HTTPS encryption for client requests to the WordPress application hosted on Amazon EC2 instances is to configure an HTTPS listener on the Application Load Balancer (ALB) and forward the traffic on port 443 to the EC2 instances. This will ensure that all client requests are encrypted in transit with SSL/TLS and the ALB can also help with distributing traffic across the EC2 instances to provide high availability.
In summary, Option B is the most cost-effective and appropriate solution for meeting the security team's mandate to encrypt client requests in transit with HTTPS.
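One way to check that a deployed load balancer actually matches Option B, as an added example that is not part of the original page: the function audits listener and target group records shaped like the elbv2 DescribeListeners and DescribeTargetGroups responses. All ARNs and sample records are constructed, and treating an HTTP listener as acceptable only when it redirects to HTTPS is this example's assumption.

```python
# Added example. Input dicts mirror the elbv2 DescribeListeners and
# DescribeTargetGroups response shapes; all sample values are constructed.
def audit_listeners(listeners, target_groups):
    """Return (listener_port, finding) tuples; an empty list means compliant."""
    tg_by_arn = {tg["TargetGroupArn"]: tg for tg in target_groups}
    findings = []
    for lst in listeners:
        port, proto = lst["Port"], lst["Protocol"]
        actions = lst.get("DefaultActions", [])
        if proto == "HTTP":
            # Assumption: a plaintext listener is fine only as a pure redirect.
            ok = bool(actions) and all(
                a["Type"] == "redirect"
                and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                for a in actions)
            if not ok:
                findings.append((port, "HTTP listener does not redirect to HTTPS"))
            continue
        if proto == "HTTPS" and not lst.get("Certificates"):
            findings.append((port, "HTTPS listener has no certificate"))
        # Option B forwards to the instances on 443: check the backend hop too.
        for a in actions:
            if a["Type"] != "forward":
                continue
            tg = tg_by_arn.get(a.get("TargetGroupArn"))
            if tg is None:
                findings.append((port, "forward target group not found"))
            elif tg["Protocol"] != "HTTPS" or tg["Port"] != 443:
                findings.append((port, "backend hop is not HTTPS on 443"))
    return findings

# Constructed sample data (placeholder ARNs, not real resources).
TG_TLS = {"TargetGroupArn": "arn:example:tg/wp-tls", "Protocol": "HTTPS", "Port": 443}
TG_PLAIN = {"TargetGroupArn": "arn:example:tg/wp-plain", "Protocol": "HTTP", "Port": 80}
CERT = [{"CertificateArn": "arn:example:cert/placeholder"}]
REDIRECT = {"Type": "redirect", "RedirectConfig":
            {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}

def listener(port, proto, action, certs=None):
    return {"Port": port, "Protocol": proto, "DefaultActions": [action],
            "Certificates": certs or []}

def forward(tg):
    return {"Type": "forward", "TargetGroupArn": tg["TargetGroupArn"]}

GOOD = [listener(443, "HTTPS", forward(TG_TLS), CERT), listener(80, "HTTP", REDIRECT)]
BAD = [listener(443, "HTTPS", forward(TG_PLAIN), CERT), listener(80, "HTTP", forward(TG_PLAIN))]

if __name__ == "__main__":
    print(audit_listeners(GOOD, [TG_TLS, TG_PLAIN]))
    print(audit_listeners(BAD, [TG_TLS, TG_PLAIN]))
```

Only each listener's default action is inspected; listener rules and weighted `ForwardConfig` target groups would need the same check.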