Configuring ACM Certificate with CloudFront Distribution

Associate ACM Certificate with CloudFront Distribution

Question

You have deployed a web application hosted in an Auto Scaling group in the ap-south-1 region.

As the application has customers from different countries, you plan to use Amazon CloudFront to speed up the distribution of your dynamic web content to end-users. The CloudFront distribution also needs to serve secure content over SSL/TLS.

You already have a certificate installed in ACM in the ap-south-1 region.

How would you associate the ACM certificate with the CloudFront distribution?


Answer: A.

Option A is CORRECT because to use an ACM certificate with CloudFront, you must request or import the certificate in the US East (N. Virginia) region.

Option B is incorrect because ACM does not copy certificates from ap-south-1 to other regions.

If an ACM certificate from us-east-1 is associated with a CloudFront distribution, the ACM certificate can be copied across AWS regions.

Option C is incorrect because AWS CLI does not allow copying an ACM certificate from one region to another.

Option D is incorrect because you do not need to create a new certificate in every region.

Instead, you should create a certificate in the us-east-1 region and use that on CloudFront to serve the content globally.
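The region requirement in option A can be enforced as a pre-deployment check. The sketch below is an added example, not part of the original question or of AWS's own tooling: it parses an ACM certificate ARN, refuses any certificate outside us-east-1, and otherwise returns a CloudFront `ViewerCertificate` block. The function names, the sample ARNs and the `sni-only` / `TLSv1.2_2021` choices are assumptions made for illustration.

```python
import re

# CloudFront only accepts ACM certificates held in this region.
CLOUDFRONT_ACM_REGION = "us-east-1"

_ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):acm:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):certificate/(?P<cert_id>[0-9a-f-]{36})$"
)


def parse_acm_arn(arn):
    """Split an ACM certificate ARN into its fields; raise ValueError if malformed."""
    m = _ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return m.groupdict()


def viewer_certificate(arn, min_tls="TLSv1.2_2021"):
    """Return a CloudFront ViewerCertificate block, refusing wrong-region certs."""
    fields = parse_acm_arn(arn)
    if fields["region"] != CLOUDFRONT_ACM_REGION:
        raise ValueError(
            f"certificate is in {fields['region']}; request or import it in "
            f"{CLOUDFRONT_ACM_REGION} before attaching it to CloudFront"
        )
    return {
        "ACMCertificateArn": arn,
        "SSLSupportMethod": "sni-only",       # assumed: SNI rather than dedicated IP
        "MinimumProtocolVersion": min_tls,    # assumed security policy
    }


def audit(arns):
    """Map each ARN to 'ok' or the reason it cannot be used with CloudFront."""
    report = {}
    for arn in arns:
        try:
            viewer_certificate(arn)
            report[arn] = "ok"
        except ValueError as exc:
            report[arn] = str(exc)
    return report


# Constructed sample ARNs (account id and certificate ids are made up).
SAMPLE_MUMBAI = "arn:aws:acm:ap-south-1:111122223333:certificate/11111111-2222-3333-4444-555555555555"
SAMPLE_VIRGINIA = "arn:aws:acm:us-east-1:111122223333:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
```

Calling `audit([SAMPLE_MUMBAI, SAMPLE_VIRGINIA])` flags the ap-south-1 certificate from the scenario and passes the us-east-1 one; the returned block would then go into the distribution configuration, which this example does not build.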

References:

https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

https://aws.amazon.com/certificate-manager/faqs/

When serving content over SSL/TLS through Amazon CloudFront, you need to have an SSL/TLS certificate. Amazon Certificate Manager (ACM) is a service that allows you to easily provision, manage, and deploy SSL/TLS certificates for use with AWS services.

ACM certificates are regional, meaning that they can only be used within the region in which they were created or imported. In this case, you have an ACM certificate installed in the ap-south-1 region that you want to use for your CloudFront distribution.

To associate an ACM certificate with a CloudFront distribution, you have a few options:

A. Request or import a new certificate in the us-east-1 (N. Virginia) region in ACM. Update the CloudFront distribution to use the certificate.

This option involves creating or importing a new ACM certificate in a different region and updating the CloudFront distribution to use the new certificate. While this is possible, it's not the best option in this case because it would require additional work and potentially incur additional costs for managing a new certificate.

B. ACM can copy the certificate across AWS regions for CloudFront distributions. You can directly update the CloudFront distribution to use the certificate in ACM.

This option is the best choice for this scenario. ACM can copy the certificate across AWS regions so that it can be used in other regions, including the region where the CloudFront distribution is deployed. You can directly update the CloudFront distribution to use the certificate in ACM.

C. Use the AWS command-line to copy the certificate from ap-south-1 to us-east-1. Update the CloudFront distribution to use the certificate from the us-east-1 region.

This option involves using the AWS command-line interface (CLI) to manually copy the certificate from the ap-south-1 region to the us-east-1 region. While this is possible, it's not the best option in this case because it would require additional work and potentially incur additional costs for managing a new certificate.

D. In ACM, request or import a new certificate in every region where you want the CloudFront distribution to serve the clients. Configure the CloudFront distribution to use all the ACM certificates.

This option involves creating or importing a new ACM certificate in every region where you want to serve your clients with the CloudFront distribution. While this is possible, it's not the best option in this case because it would require additional work and potentially incur additional costs for managing multiple certificates.

In summary, the best option for associating an ACM certificate with a CloudFront distribution is to use option B, where ACM can copy the certificate across AWS regions for CloudFront distributions.