Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty Cloudfront Security

  • Cloudfront Security

  • ins

    Member
    July 10, 2023 at 2:17 am

    Hi,

    During the practice Exam i dont understand the answer about the Question #14 (Timed mode Set 1)

    “If you want to require HTTPS between viewers and CloudFront, you must change the AWS region to US East (N. Virginia) in the AWS Certificate Manager console before you request or import a certificate”

    And why this answer is incorrect

    The option that says: <strong style=”font-family: inherit; font-size: inherit;”>In the

    us-west-1 region, request a public AWS Certificate Manager(ACM) certificate for the custom domain name. Use this certificate to enable HTTPS between CloudFront and the clients is incorrect. The ACM certificate must be requested or imported in the US East (N. Virginia) region for the HTTPS connection between CloudFront and clients to work.”

    I really not understand why it’s mandatory to change region to set up Cloudfront and so to be outside the region of the ALB !

    Thanks for your help.

    Best regards

  • michiv

    Member
    August 8, 2023 at 12:46 am

    Because CloudFront is a Global service and so you have to manage it using the N.Virginia zone.

  • Tutorials-Dojo

    Administrator
    August 13, 2023 at 7:57 am

    Hi Ins,

    Just as mentioned by Michiv, it is really a requirement that you request the ACM certificate on the us-east-1 region. This is supported by the reference links in our explanation.

    Here’s on AWS documentation for reference:

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html#https-requirements-certificate-issuer

    Cheers,

    Jon Bonso

Viewing 1 - 3 of 3 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now