Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 28 discussion

C: By creating an AWS Lambda function, the solution architect can use the JSON document to look up the target URLs for each domain and respond with the appropriate redirect URL. This way, the solution does not need to rely on a web server to handle the redirects, which reduces operational effort. E: By creating an Amazon CloudFront distribution, the solution architect can deploy a Lambda@Edge function that can look up the target URLs for each domain and respond with the appropriate redirect URL. This way, CloudFront can handle the redirection, which reduces operational effort. F: By creating an SSL certificate with ACM and including the domains as Subject Alternative Names, the solution architect can ensure that the redirect service can handle both HTTP and HTTPS requests, which is required by the company.

If you go with a Cloudfront what is the origin? Lambda@edge is not origin. The function mentioned in C is Lambda and in E it says about Lambda@edge, which are two things. If you handle redirect from the Lambda@edge in CF there is no need of the Lambda you wrote in Answer C. MY Answer: Create an ALB with HTTP and HTTPS listeners (B), Use the TLS cert created in F for the HTTPS listener. As the backend for the ALB write a Lambda with endpoint mapping JSON (C) Is this full serverless? No, but you do not have to worry about scaling or operational overhead, AWS Handles everything for us.

Why not B or E? B (ALB): Yes, ALB can target Lambda now, but it requires managing listener rules and doesn't natively support multiple domains with one certificate unless using wildcards or SANs. Slightly more overhead than API Gateway for this use case. E (CloudFront + Lambda@Edge): Designed for CDN and global content caching. For simple redirection, it adds unnecessary complexity (e.g., setting up origins, deployment propagation delays) and higher cost.

B: Can handle redirects directly without needing to setup cloudfront which increases complexity. Then as everyone agrees, C and F.

CEF C: Read json and redirect E: Handle HTTP/HTTPS (intercept request) F: Required for multiple Certificate management (HTTPS) WRONG A: EC2 too much B: ALB handles HTTP/HTTPS BUT no dynamic lookup using JSON D: More operation effort comapre to CloudFront

Simple, low-maintenance, HTTPS support, no compute needed

Request → Route 53（DNS resolve） → API Gateway（Domain name + ACM cert.） → Lambda（redirect ）

Best match

BCF. You already have a lambda function that does the processing. You don't need Lambda@Edge anymore

Option E involves CloudFront with Lambda@Edge, which is more complex to manage than API Gateway for this use case.

CEF - an overkill CDF - D says that you should create a custom domain. You need to perform several steps just for this custom domain so it is a more complicated setup.

CDF is the best combination.

Lambda@Edge can perform redirection at CloudFront's edge locations, but this is more complex and costly for a simple redirect service. CloudFront is overkill for this use case as it primarily serves content delivery purposes.

C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. Why: AWS Lambda provides a serverless solution to handle the redirect logic. It can read the domain and use the JSON document to determine the appropriate target URL. This reduces the operational overhead of managing infrastructure like EC2 instances. D. Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function. Why: API Gateway provides a fully managed way to route HTTP(S) requests to the Lambda function.It supports custom domains, allowing you to set up a single entry point for the redirect service, with SSL/TLS support. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names. Why: ACM allows you to issue free SSL/TLS certificates for all 10 domains. This ensures HTTPS support for the redirect service without manual certificate management, aligning with the requirement to handle both HTTP and HTTPS.

E: Lambda@Edge is more suitable for content delivery network (CDN)-focused use cases, not for redirect services. It also requires additional setup and complexity compared to the API Gateway approach.

Deploy Lambda function that looks up and returns the appropriate URL from the JSON document. Publish Lambda using API Gateway with a custom domain name for your 10 registered domains. Use CloudFront with Lambda@Edge to ensure fast and scalable global redirection. This approach is serverless, scalable, and minimizes operational overhead.

I think it is CEF according to this https://aws.amazon.com/blogs/networking-and-content-delivery/handling-redirectsedge-part1/