Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 577 discussion

C is correct. "ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates." https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

The key reasons are: AWS Certificate Manager (ACM) provides free public TLS/SSL certificates and handles certificate renewals automatically. Using DNS validation with ACM is operationally efficient since it automatically makes changes to Route 53 rather than requiring manual validation steps. ACM integrates natively with CloudFront distributions for delivering HTTPS content. CloudFront security policies and origin access controls do not issue TLS certificates. Email validation requires manual steps to approve the domain validation emails for each renewal.

For me, C is the only realistic option as I don't think you can do AB without a lot of complexity. D just makes no sense.

Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain

C 似乎是正確的

"DNS Validation is preferred for automation purposes" -- Stephane's course on Udemy

C seems to be correct

I think the general product uses DNS rather than email to automate, is the given answer correct?