Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 60 discussion

C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS. To meet the requirement of forwarding all requests to the website so that the requests will use HTTPS, a solutions architect can create a listener rule on the ALB that redirects HTTP traffic to HTTPS. This can be done by creating a rule with a condition that matches all HTTP traffic and a rule action that redirects the traffic to the HTTPS listener. The HTTPS listener should already be configured to accept HTTPS traffic and forward it to the target group.

Answer C : https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/application/create-https-listener.html https://aws.amazon.com/fr/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/

A. Network ACLs operate at subnet level and control inbound and outbound traffic. Updating the network ACL alone will not enforce the redirection of HTTP to HTTPS. B. This approach would require modifying application code or server configuration to perform URL rewrite. It is not an optimal solution as it adds complexity and potential maintenance overhead. Moreover, it does not leverage the ALB's capabilities for handling HTTP-to-HTTPS redirection. D. While NLB can handle SSL/TLS termination using SNI for routing requests to different services, replacing the ALB solely to enforce HTTP-to-HTTPS redirection would be an unnecessary and more complex solution. Therefore, the recommended approach is to create a listener rule on the ALB to redirect HTTP traffic to HTTPS. By configuring a listener rule, you can define a redirect action that automatically directs HTTP requests to their corresponding HTTPS versions.

Ans C - don't re-invent; just re-direct

https://repost.aws/knowledge-center/elb-redirect-http-to-https-using-alb Steps 6-8 tells exactly how to do this: "6. Select a load balancer, and then choose HTTP Listener. 7. Under Rules, choose View/edit rules. 8. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS. Or, insert a rule between the existing rules (if appropriate for your use case)."

C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.

This solution meets all of the requirements: Forward all requests to the website so that the requests will use HTTPS: The ALB can be configured to redirect all HTTP traffic to HTTPS. The other options are not as good for this scenario: A. Updating the ALB's network ACL to accept only HTTPS traffic will prevent users from accessing the website using HTTP. B. Creating a rule that replaces the HTTP in the URL with HTTPS will not prevent users from accessing the website using HTTP. D. Replacing the ALB with a Network Load Balancer configured to use Server Name Indication (SNI) is not necessary because the ALB can be configured to redirect all HTTP traffic to HTTPS.

I hate this question description "The company wants to forward all requests to the website so that the requests will use HTTPS."

The best solution is to create a listener rule on the Application Load Balancer (ALB) to redirect HTTP traffic to HTTPS (option C). Here is why: ALB listener rules allow you to redirect traffic from one listener port (e.g. 80 for HTTP) to another (e.g. 443 for HTTPS). This achieves the goal to forward all requests over HTTPS. Network ACLs control traffic at the subnet level and cannot distinguish between HTTP and HTTPS requests to implement a redirect (option A incorrect). Replacing HTTP with HTTPS in the URL happens at the client side. It does not redirect at the ALB (option B incorrect). Network Load Balancers work at the TCP level and do not understand HTTP or HTTPS protocols. So they cannot redirect in this manner (option D incorrect).

Option C is the correct answer

A solutions architect should create listen rules to direct http traffic to https.

C is correct. Traffic redirection will solve it.

This rule can be created in the following way: 1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. 2. In the navigation pane, choose Load Balancers. 3. Select the ALB and choose Listeners. 4. Choose View/edit rules and then choose Add rule. 5. In the Add Rule dialog box, choose HTTPS. 6. In the Default action dialog box, choose Redirect to HTTPS. 7. Choose Save rules. This listener rule will redirect all HTTP requests to HTTPS, ensuring that all traffic is encrypted.

Configure an HTTPS listener on the ALB: This step involves setting up an HTTPS listener on the ALB and configuring the security policy to use a secure SSL/TLS protocol and cipher suite. Create a redirect rule on the ALB: The redirect rule should be configured to redirect all incoming HTTP requests to HTTPS. This can be done by creating a redirect rule that redirects HTTP requests on port 80 to HTTPS requests on port 443. Update the DNS record: The DNS record for the website should be updated to point to the ALB's DNS name, so that all traffic is routed through the ALB. Verify the configuration: Once the configuration is complete, the website should be tested to ensure that all requests are being redirected to HTTPS. This can be done by accessing the website using HTTP and verifying that the request is redirected to HTTPS.

Option C

C To redirect HTTP traffic to HTTPS, a solutions architect should create a listener rule on the ALB to redirect HTTP traffic to HTTPS. Option A is not correct because network ACLs do not have the ability to redirect traffic. Option B is not correct because it does not redirect traffic, it only replaces the URL. Option D is not correct because a Network Load Balancer does not have the ability to handle HTTPS traffic.

C is correct