Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 571 discussion

I don't understand why some many people vote B. In ACM, you can either request certificate from Amazon CA or import an existing certificate. There is no option in ACM that allow you to request a certificate that can be signed by third party CA.

AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy SSL/TLS certificates for use with AWS services and your internal resources. By creating a certificate in ACM that is signed by the third-party CA, the company can meet its requirement for a specific public third-party CA to sign the TLS certificate.

A. Use a local machine to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate. Reason: Custom Certificate: Allows you to use a certificate signed by the third-party CA. TLSv1.3 Support: API Gateway supports TLSv1.3 for custom domains. Configuration: You can import the third-party CA certificate into ACM and configure API Gateway to use this certificate with a custom domain. This approach meets all the specified requirements by allowing the use of a third-party CA-signed certificate and ensuring the API endpoints use TLSv1.3.

A is logical answer. BCD are either misworded here or intentionally confusing. Regardless, you cannot create a cert in ACM that is signed by 3rd party CA. You can only import these certs to ACM.

We can't create third party certificates in ACM.

Is this a question from the associate or professional exam ??

ACM can import, but not create, 3rd party certificates. Leaves only A.

You have already a publicly trusted certificate issued by a third party and you just need to import it in ACM not to creat a new one. So, the correct answer is A which is the only one that importing the certificate in ACM while B, C and D are creating a new one.

The answer must be A, You can't create a certificate in ACM, read the below link https://docs.aws.amazon.com/acm/latest/userguide/setup.html

Answer is A: Can I import a third-party certificate and use it with AWS services? Yes. If you want to use a third-party certificate with Amazon CloudFront, Elastic Load Balancing, or Amazon API Gateway, you may import it into ACM using the AWS Management Console, AWS CLI, or ACM APIs. ACM does not manage the renewal process for imported certificates. You can use the AWS Management Console to monitor the expiration dates of an imported certificates and import a new third-party certificate to replace an expiring one.

It's 22/Nov/2023 and from the console you cant create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. But you could obtain it externally then import it into ACM.

Option B meets these requirements: - API Gateway HTTP APIs support TLS 1.3 - ACM can import certificates signed by third-party CAs - API Gateway provides REST APIs

In ACM you can't create a cert signed by another CA. Dude, try it by yourself. There is no such option!

WHY NOT A?

Use ACM to create a certificate signed by the third-party CA. ACM integrates with external CAs. Create an API Gateway HTTP API with a custom domain name. Configure the custom domain to use the ACM certificate. API Gateway supports configuring custom domains with ACM certificates. This allows serving the API over TLS using the required third-party certificate and TLS 1.3 support.

You can provide certificates for your integrated AWS services either by issuing them directly with ACM or by importing third-party certificates into the ACM management system.

Should be A. We need to import third-party certificate to ACM.