Cloudfront Security

[ins]

Hi,

During the practice Exam i dont understand the answer about the Question #14 (Timed mode Set 1)

“If you want to require HTTPS between viewers and CloudFront, you must change the AWS region to US East (N. Virginia) in the AWS Certificate Manager console before you request or import a certificate”

And why this answer is incorrect

“The option that says: <strong style=”font-family: inherit; font-size: inherit;”>In the

us-west-1 region, request a public AWS Certificate Manager(ACM) certificate for the custom domain name. Use this certificate to enable HTTPS between CloudFront and the clients is incorrect. The ACM certificate must be requested or imported in the US East (N. Virginia) region for the HTTPS connection between CloudFront and clients to work.”

I really not understand why it’s mandatory to change region to set up Cloudfront and so to be outside the region of the ALB !

Thanks for your help.

Best regards

[michiv]

Because CloudFront is a Global service and so you have to manage it using the N.Virginia zone.

[Tutorials-Dojo]

Hi Ins,

Just as mentioned by Michiv, it is really a requirement that you request the ACM certificate on the us-east-1 region. This is supported by the reference links in our explanation.

Here’s on AWS documentation for reference:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html#https-requirements-certificate-issuer

Cheers,

Jon Bonso