Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)

Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)

A. Default AWS Certificate Manager certificate

B. Custom SSL certificate stored in AWS KMS

C. Default CloudFront certificate

D. Custom SSL certificate stored in AWS Certificate Manager

E. Default SSL certificate stored in AWS Secrets Manager

F. Custom SSL certificate stored in AWS IAM

View Answer

Answer: A C D

Explanation:

Here are the valid configurations for using SSL certificates with Amazon CloudFront:

A. Default AWS Certificate Manager certificate

Yes, you can use the certificates provided by the AWS Certificate Manager (ACM) with CloudFront. ACM handles the complexity of creating and managing public SSL/TLS certificates for your AWS based websites and applications.

B. Custom SSL certificate stored in AWS KMS

No, AWS Key Management Service (KMS) is not used for storing SSL certificates. It is primarily used for creating and controlling encryption keys.

C. Default CloudFront certificate

Yes, CloudFront provides default SSL certificates that can be used for your distribution. When you use the CloudFront domain name in your URLs (like d12345abcdefg.cloudfront.net), the distribution uses a CloudFront certificate.

D. Custom SSL certificate stored in AWS Certificate Manager

Yes, you can upload custom SSL certificates to AWS Certificate Manager (ACM) and use them with your CloudFront distribution. Using ACM is a good practice because it helps in managing the renewal and deployment of certificates seamlessly.

E. Default SSL certificate stored in AWS Secrets Manager

No, AWS Secrets Manager is not used for storing default SSL certificates. It is primarily used to manage sensitive information, including secrets and database credentials.

F. Custom SSL certificate stored in AWS IAM

Yes, before AWS Certificate Manager became the preferred way to upload and manage custom SSL certificates, IAM was used to upload and manage custom SSL certificates for use with various AWS services, including CloudFront.

Therefore, the valid configurations are options A, C, and D.