Your company is planning to use an S3 bucket and a CloudFront distribution to distribute objects to users worldwide.
They want to use their own domain name with the CloudFront distribution and ensure that the communication is secure.
Which of the following steps need to be part of the implementation plan? (Select TWO.)
Answer - A and B.
This is mentioned in the AWS Documentation.
· If you're using the domain name that CloudFront assigned to your distribution, such as d111111abcdef8.cloudfront.net, you change the Viewer Protocol Policy setting for one or more cache behaviors to require HTTPS communication.
In that configuration, CloudFront provides the SSL/TLS certificate.
To change the value of Viewer Protocol Policy by using the CloudFront console, see the procedure later in this section.
· If you're using your own domain name, such as example.com, you need to change several CloudFront settings.
You also need to use an SSL/TLS certificate provided by AWS Certificate Manager (ACM), or import a certificate from a third-party certificate authority into ACM or the IAM certificate store.
Option C is incorrect since you need to use SSL certificates and not KMS keys.
Option D is incorrect since CORS is used for access between domains.
For more information on using CNAMEs and HTTPS, please visit the URLs below.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html
To distribute objects to users worldwide using an S3 bucket and CloudFront distribution while using a custom domain name with secure communication, the following steps should be part of the implementation plan:
A. Change the Viewer Protocol Policy to require HTTPS between viewers and CloudFront.
CloudFront supports both HTTP and HTTPS for communication with viewers, but HTTPS is recommended for secure communication. The Viewer Protocol Policy determines whether CloudFront serves content to viewers over HTTP or HTTPS. Changing the Viewer Protocol Policy to require HTTPS ensures that all requests from the viewer are encrypted and the communication remains secure.
B. Import an SSL certificate to ACM and use the certificate in the CloudFront distribution.
Using HTTPS requires an SSL/TLS certificate to encrypt the data transmitted between the viewer and CloudFront. AWS Certificate Manager (ACM) is a service for importing, managing, and deploying SSL/TLS certificates for use with AWS services, including CloudFront. Importing the SSL certificate to ACM and using it with the CloudFront distribution ensures that the communication between the viewer and CloudFront is secure.
Therefore, options A and B should be part of the implementation plan to use a custom domain name with the CloudFront distribution and ensure secure communication.
C. Create a KMS CMK Key and use the key in the CloudFront distribution.
AWS Key Management Service (KMS) is a managed service that allows the creation and control of encryption keys. While KMS can be used with CloudFront, it is not required for using a custom domain name and ensuring secure communication.
D. Apply CORS for the CloudFront distribution.
Cross-Origin Resource Sharing (CORS) is a mechanism that allows a web page to make requests to a domain different from the domain that served the web page. While CORS can be used with CloudFront, it is not required for using a custom domain name and ensuring secure communication.
In conclusion, options A and B are the correct choices to ensure secure communication and use a custom domain name with CloudFront.
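The two settings behind options A and B can be checked mechanically on a distribution's configuration. The following is an added example, not part of the original page or the AWS documentation: it audits a dictionary shaped like the `DistributionConfig` returned by CloudFront's GetDistributionConfig API. The sample configuration, domain name, account ID and certificate ID are constructed placeholders.

```python
# Added example: audit a CloudFront DistributionConfig for options A and B.
# SAMPLE is constructed; domain, account id and certificate id are placeholders.

HTTPS_POLICIES = {"https-only", "redirect-to-https"}


def audit_distribution(config):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []

    # Option A: every cache behavior must require HTTPS from viewers.
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for b in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((b["PathPattern"], b))
    for name, b in behaviors:
        if b["ViewerProtocolPolicy"] not in HTTPS_POLICIES:
            findings.append(f"behavior {name}: ViewerProtocolPolicy is "
                            f"{b['ViewerProtocolPolicy']}, HTTP is still served")

    # Option B: a custom domain (alias) needs a certificate from ACM or IAM;
    # the default *.cloudfront.net certificate does not cover it.
    aliases = config.get("Aliases", {}).get("Items") or []
    cert = config.get("ViewerCertificate", {})
    if aliases:
        acm_arn = cert.get("ACMCertificateArn")
        if cert.get("CloudFrontDefaultCertificate") or not (
                acm_arn or cert.get("IAMCertificateId")):
            findings.append(f"aliases {aliases}: no ACM or IAM certificate attached")
        # CloudFront only accepts ACM certificates from the us-east-1 region.
        elif acm_arn and acm_arn.split(":")[3] != "us-east-1":
            findings.append("ACM certificate is not in us-east-1")
    return findings


SAMPLE = {
    "Aliases": {"Quantity": 1, "Items": ["cdn.example.com"]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/static/*", "ViewerProtocolPolicy": "https-only"}]},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}

if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE):
        print("FAIL:", finding)
```

The constructed sample fails both checks: the default behavior still allows HTTP, and the alias has only the default CloudFront certificate.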