Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 149 discussion

B. Set the Origin Protocol Policy to “HTTPS Only”: This setting ensures that all traffic between CloudFront and the web application (origin) is encrypted. By setting the Origin Protocol Policy to "HTTPS Only," CloudFront will only connect to the origin over HTTPS, ensuring encryption of data in transit. D. Set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS”: This setting is crucial for ensuring that all traffic between the users (viewers) and CloudFront is encrypted. By setting the Viewer Protocol Policy to "HTTPS Only" or "Redirect HTTP to HTTPS," CloudFront ensures that user requests are either only served over HTTPS or automatically redirected from HTTP to HTTPS.

BD is the correct answer.

BD: Protocol and Viewer protocol policy, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html

B and D are the correct ones. B: Setting the Origin Protocol Policy to “HTTPS Only” ensures that CloudFront always uses HTTPS to connect to the origin, which is the web application in this scenario. D: Setting the Viewer Protocol Policy to “HTTPS Only” ensures that CloudFront will only serve requests over HTTPS. Setting it to “Redirect HTTP to HTTPS” ensures that any HTTP request from viewers is redirected to HTTPS.

The correct answers are (B) and (D). To meet the requirement to encrypt all traffic between users and CloudFront, your organization must set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS”. This will force users to use HTTPS to connect to CloudFront. To meet the requirement to encrypt all traffic between CloudFront and the web application, your organization must set the Origin Protocol Policy to “HTTPS Only”. This will force CloudFront to use HTTPS to connect to the web application.