Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 28 discussion

C: By creating an AWS Lambda function, the solution architect can use the JSON document to look up the target URLs for each domain and respond with the appropriate redirect URL. This way, the solution does not need to rely on a web server to handle the redirects, which reduces operational effort. E: By creating an Amazon CloudFront distribution, the solution architect can deploy a Lambda@Edge function that can look up the target URLs for each domain and respond with the appropriate redirect URL. This way, CloudFront can handle the redirection, which reduces operational effort. F: By creating an SSL certificate with ACM and including the domains as Subject Alternative Names, the solution architect can ensure that the redirect service can handle both HTTP and HTTPS requests, which is required by the company.

If you go with a Cloudfront what is the origin? Lambda@edge is not origin. The function mentioned in C is Lambda and in E it says about Lambda@edge, which are two things. If you handle redirect from the Lambda@edge in CF there is no need of the Lambda you wrote in Answer C. MY Answer: Create an ALB with HTTP and HTTPS listeners (B), Use the TLS cert created in F for the HTTPS listener. As the backend for the ALB write a Lambda with endpoint mapping JSON (C) Is this full serverless? No, but you do not have to worry about scaling or operational overhead, AWS Handles everything for us.

Setting lambda as an ALB target seems less effort than configuring CFN origins.

C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. E. Create an Amazon CloudFront distribution. Deploy a Lambda@Edge function. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names.

Initially, i thought E however, i realized that Lambda@Edge needs an origin to send traffic to. The purpose of Lambda on edge is to make adjustments to the request/response not to reroute like what we're trying to achieve. D is out because Amazon API Gateway does not support unencrypted (HTTP) endpoints. A is too much overhead BCF.

BCF (Application Load Balancer, AWS Lambda, ACM) is preferred for its simplicity, ease of setup, and cost predictability. It handles both HTTP and HTTPS traffic effectively with less operational complexity compared to the CloudFront and Lambda@Edge setup. CEF (AWS Lambda, CloudFront, ACM) is a powerful solution for global low-latency requirements but may introduce unnecessary complexity and higher costs for a simple redirection service.

Correct answer is BEF Main discussion here is Lambda@Edge can redirect viewers request to based on information in the request based on domain and path

CDF is answer. Check it again

Vote BCF

Guys the Answer has to be B,C, and E. period.

CEF is the correct combination.

E is a bit blur, it seems like an unifished sentence to me

Option A - This option could work but it increases operational overhead: Deploying an EC2 instance requires building a VPC with one public subnet. Moreover, the architect will need to write an application to process the event. Option B - This option could work and it reduces operational overhead: An ALB helps expose the solution and respond to HTTP/S requests; a VPC will needed. It can target EC2 instances and Lambda functions Option C - This option could work and minimizes operational overhead: The architect can focus on writing the code to process the event. A VPC is not necessarily needed to deploy a Lambda function Option D - This option might not work: AWS Gateway APIs only respond to HTTPS Option E - This option might not work: It can respond to HTTP/S requests and send events to API Gateway as an origin. However, this would remove the need to deploy a Lambda@Edge function Option F - This option will contribute to the solution: It enables HTTPS for the 10 domains

Lambda@Edge allows you to execute custom business logic closer to the viewer. This capability enables intelligent/programmable processing of HTTP requests at locations that are closer (for the purpose of latency) to your viewer. In this case the Lambda@Edge function can be written so that it redirects viewers based on information in the request based on domain and path. To accept multiple custom domains on the CloudFront distribution a certificate can be created in ACM that includes multiple subject alternative names. These names can then be used in Route 53 records pointing to the distribution. The ALB may will need to be configured with both an HTTP and an HTTPS listener. The HTTPS listener will also require a certificate, and this could use the same certificate used in the CloudFront distribution or it could be a separate certificate.

as they fit each other

B, E, F - Lambda@Edge will allow for processing before directing to ALB

BCF. We need to choose the solution with three steps and here is the blog with same situation with old possible scenario with limited scale ( S3, cloudfront without lambda@edge ) https://aws.amazon.com/ko/blogs/networking-and-content-delivery/automating-http-s-redirects-and-certificate-management-at-scale/