Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 28 discussion

C: By creating an AWS Lambda function, the solution architect can use the JSON document to look up the target URLs for each domain and respond with the appropriate redirect URL. This way, the solution does not need to rely on a web server to handle the redirects, which reduces operational effort. E: By creating an Amazon CloudFront distribution, the solution architect can deploy a Lambda@Edge function that can look up the target URLs for each domain and respond with the appropriate redirect URL. This way, CloudFront can handle the redirection, which reduces operational effort. F: By creating an SSL certificate with ACM and including the domains as Subject Alternative Names, the solution architect can ensure that the redirect service can handle both HTTP and HTTPS requests, which is required by the company.

If you go with a Cloudfront what is the origin? Lambda@edge is not origin. The function mentioned in C is Lambda and in E it says about Lambda@edge, which are two things. If you handle redirect from the Lambda@edge in CF there is no need of the Lambda you wrote in Answer C. MY Answer: Create an ALB with HTTP and HTTPS listeners (B), Use the TLS cert created in F for the HTTPS listener. As the backend for the ALB write a Lambda with endpoint mapping JSON (C) Is this full serverless? No, but you do not have to worry about scaling or operational overhead, AWS Handles everything for us.

BCF. You already have a lambda function that does the processing. You don't need Lambda@Edge anymore

Option E involves CloudFront with Lambda@Edge, which is more complex to manage than API Gateway for this use case.

CEF - an overkill CDF - D says that you should create a custom domain. You need to perform several steps just for this custom domain so it is a more complicated setup.

CDF is the best combination.

Lambda@Edge can perform redirection at CloudFront's edge locations, but this is more complex and costly for a simple redirect service. CloudFront is overkill for this use case as it primarily serves content delivery purposes.

C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. Why: AWS Lambda provides a serverless solution to handle the redirect logic. It can read the domain and use the JSON document to determine the appropriate target URL. This reduces the operational overhead of managing infrastructure like EC2 instances. D. Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function. Why: API Gateway provides a fully managed way to route HTTP(S) requests to the Lambda function.It supports custom domains, allowing you to set up a single entry point for the redirect service, with SSL/TLS support. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names. Why: ACM allows you to issue free SSL/TLS certificates for all 10 domains. This ensures HTTPS support for the redirect service without manual certificate management, aligning with the requirement to handle both HTTP and HTTPS.

E: Lambda@Edge is more suitable for content delivery network (CDN)-focused use cases, not for redirect services. It also requires additional setup and complexity compared to the API Gateway approach.

Deploy Lambda function that looks up and returns the appropriate URL from the JSON document. Publish Lambda using API Gateway with a custom domain name for your 10 registered domains. Use CloudFront with Lambda@Edge to ensure fast and scalable global redirection. This approach is serverless, scalable, and minimizes operational overhead.

I think it is CEF according to this https://aws.amazon.com/blogs/networking-and-content-delivery/handling-redirectsedge-part1/

The correct steps to implement the redirect service with the LEAST operational effort are: C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. Lambda allows serverless, scalable handling of requests, and is ideal for processing requests based on a JSON document. D. Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function. API Gateway provides a scalable interface to expose the Lambda function via HTTP/HTTPS and supports custom domains. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names. ACM simplifies the management of SSL certificates, ensuring HTTPS support for the custom domain.

B. Create an Application Load Balancer that includes HTTP and HTTPS listeners. (for secure and easy traffic management) C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. (for low-cost, serverless compute) F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names. (for easy SSL management)

The most efficient solution for setting up a redirect service that accepts HTTP and HTTPS requests while leveraging AWS services would involve using a serverless architecture to reduce operational overhead. Here are the steps to achieve this: Correct Steps: C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. Use a Lambda function to handle incoming requests, parse the domain from the request, and determine the appropriate redirect URL using the JSON document. D. Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function. API Gateway can serve as the entry point for HTTP and HTTPS requests. It can integrate with the Lambda function and provide the custom domain support needed to handle redirects. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names. ACM provides SSL certificates that are integrated with AWS services like API Gateway and CloudFront. This ensures HTTPS support for all domains with minimal operational effort.

Setting lambda as an ALB target seems less effort than configuring CFN origins.

C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL. E. Create an Amazon CloudFront distribution. Deploy a Lambda@Edge function. F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names.

Initially, i thought E however, i realized that Lambda@Edge needs an origin to send traffic to. The purpose of Lambda on edge is to make adjustments to the request/response not to reroute like what we're trying to achieve. D is out because Amazon API Gateway does not support unencrypted (HTTP) endpoints. A is too much overhead BCF.