You are setting up a website for a small company.
This website serves up images and is very resource intensive.
You have decided to serve up the images using Cloudfront.
There is a requirement though the content should be served up using a custom domain and should work with https.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - B and C.
Custom SSL certificate support lets you deliver content over HTTPS using your own domain name and your own SSL certificate.
This gives visitors to your website the security benefits of CloudFront over an SSL connection that uses your own domain name in addition to lower latency and higher reliability.
Note: Please note that some older browsers do not support SNI and will not be able to establish a connection with CloudFront to load the HTTPS version of your content.
https://aws.amazon.com/cloudfront/custom-ssl-domains/Option C is correct.
If we want to use our own domain name, we need to use Amazon Route 53 to create an alias record that points to our CloudFront distribution.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.htmlOption A is incorrect because a custom SSL certificate or third-party certificate can not be configured in Route53.
Option D is incorrect because Origin Access identity(OAI) does not deal with custom SSL.
It is only used to ensure that the origin is accessible with CloudFront distribution only.
More information on Custom SSL Domains:
AWS Cloudfront can use IAM certificates.
Reference Link:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-custom-certificate/Also, there is a discussion forum on the same topic ""ssl certificate IAM" in the Amazon CloudFront Discussion Forum"
It is helpful in understanding this topic further.
For more information on CloudFront custom SSL domains, please visit the below URL-
https://aws.amazon.com/cloudfront/custom-ssl-domains/Sure, I'd be happy to explain each answer option in detail:
A. You must provision and configure your own SSL certificate in Route 53 and associate it to your CloudFront distribution.
This option suggests that you would need to obtain your own SSL certificate and configure it to use with your CloudFront distribution. SSL certificates are used to secure communications between clients (such as web browsers) and servers (such as CloudFront). Route 53 is a DNS service offered by AWS, and it can be used to manage the domain name for your website.
To use this option, you would first need to obtain an SSL certificate from a certificate authority (CA) and upload it to AWS. Once you have the certificate, you can create a new CloudFront distribution or update an existing one to use the certificate. In addition, you would need to configure your Route 53 DNS settings to associate the custom domain name with the CloudFront distribution.
B. You must provision Server Name Indication (SNI) Custom SSL for your CloudFront Distribution.
This option suggests that you should use Server Name Indication (SNI) to provide a custom SSL certificate for your CloudFront distribution. SNI is an extension to the TLS protocol (which is used to secure communications between clients and servers) that allows multiple SSL certificates to be used on a single IP address.
To use this option, you would need to obtain an SSL certificate and upload it to AWS. When creating or updating your CloudFront distribution, you can select the SNI Custom SSL option and choose the certificate you uploaded. You would also need to configure your Route 53 DNS settings to associate the custom domain name with the CloudFront distribution.
C. You must provision and configure an ALIAS in Route 53 and associate it to your CloudFront distribution.
This option suggests that you should use an ALIAS record in Route 53 to associate your custom domain name with your CloudFront distribution. An ALIAS record is a special type of DNS record that can be used to map a domain name to another AWS resource, such as a CloudFront distribution.
To use this option, you would need to create an ALIAS record in Route 53 and point it to your CloudFront distribution. You would also need to ensure that your CloudFront distribution is configured to accept requests for the custom domain name.
D. You must create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket where the images are stored.
This option suggests that you should use an Origin Access Identity (OAI) to restrict access to the objects in your S3 bucket. An OAI is a special CloudFront user that is used to access objects in an S3 bucket. By using an OAI, you can ensure that only requests from CloudFront are able to access the objects in your S3 bucket.
To use this option, you would need to create an OAI and grant it access to the objects in your S3 bucket. You would also need to update your CloudFront distribution to use the OAI when accessing the objects in your S3 bucket. Finally, you would need to ensure that your CloudFront distribution is configured to accept requests for the custom domain name and that the domain name is associated with the CloudFront distribution.
In conclusion, all of these options are valid ways to serve up images using CloudFront and a custom domain with HTTPS. The best option depends on your specific requirements and preferences.