Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 855 discussion

Have to use east-1 region for ACM, and it should be public SSL/TLS for domain, so it should be C

AnswerC Per AWS "Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application." https://aws.amazon.com/certificate-manager/pricing/?nc=sn&loc=3 But hence AWS is recommending to use US east 1 I think I would go with C Note We recommend that you use ACM to provision, manage, and deploy SSL/TLS certificates on AWS managed resources. You must request an ACM certificate in the US East (N. Virginia) Region. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-procedures.html

browsers trust public certificates automatically by default > C or D To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region [Nowhere is it stated why is this though...] > C

The certificate has to be public. The certificate has to be issued in us-east-1: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html "To use an ACM certificate with CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1)."

https://aws.amazon.com/certificate-manager/pricing/ AWS Certificate Manager Pricing Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application. If you manage AWS Private Certificate Authority (CA) through ACM, refer to the AWS Private CA Pricing page for more details and examples.

It is c

Should be c, it is a public certificate

CloudFront should have a private cert and browser use public cert aiming to achieve non-repudiation. Ans should be A

This should be C. Private CA is not free