A company lets users upload photos to an Amazon S3 bucket in eu-west-1 and wants to use CloudFront with a custom domain to upload the files. Which solutions will meet these requirements? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS Certificate Manager (ACM) to create a public certificate in the us-east-1 Region. Use the certificate in CloudFront., Configure Amazon S3 to allow uploads from CloudFront origin access control (OAC)..
Why this is the answer
To use a custom domain with CloudFront for HTTPS, a public SSL/TLS certificate is required. AWS Certificate Manager (ACM) certificates used with CloudFront distributions must be requested in the US East (N. Virginia) region (us-east-1), regardless of the CloudFront distribution's origin region. This is a CloudFront-specific requirement. Therefore, creating the certificate in us-east-1 is correct. For CloudFront to upload files to an S3 bucket, you need to grant CloudFront permission to access the S3 bucket. Origin Access Control (OAC) is the recommended and more secure method to restrict access to your S3 bucket, ensuring that only CloudFront can access it. OAC replaces the older Origin Access Identity (OAI) and provides more granular control and support for all S3 regions. Incorrect options: Creating the certificate in eu-west-1 is incorrect because CloudFront requires ACM certificates to be in us-east-1. Configuring S3 Transfer Acceleration is for accelerating uploads directly to S3, not for enabling CloudFront to upload to S3. Configuring an S3 website endpoint is for hosting static websites, not for allowing CloudFront to upload content to S3.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed