Question #864
A developer is deploying a multi-region application across three AWS Regions using AWS CloudFormation. Each Region includes an Elastic Beanstalk environment with an Application Load Balancer (ALB) configured for HTTPS. The developer must use AWS Certificate Manager (ACM) to provision SSL certificates for all ALBs. Which solution meets these requirements?
A. Generate a certificate in ACM in a single Region. Reference the certificate ARN in the CloudFormation templates for all ALBs across the three Regions.
B. Create a global ACM certificate in the us-east-1 Region. Configure the CloudFormation templates to associate this certificate with each ALB in all Regions.
C. Generate a certificate in ACM in each of the three Regions. Update the CloudFormation template for each Region to reference the corresponding certificate ARN for its ALB.
D. Use ACM to create a certificate in one Region and export it to the other two Regions. Deploy the exported certificates to the ALBs via CloudFormation.
Explanation
The correct answer is C because AWS Certificate Manager (ACM) certificates are region-specific and cannot be used across Regions. Each Application Load Balancer (ALB) must reference an ACM certificate created in the same Region where the ALB resides.
- Option A is incorrect because referencing a certificate ARN from a single Region in other Regions will fail, as ACM certificates are not cross-Region.
- Option B is invalid because global ACM certificates (e.g., in us-east-1) are only applicable to CloudFront, not regional resources like ALBs.
- Option D is incorrect because ACM does not support exporting certificates to other Regions.
Key Points:
1. ACM certificates are tied to the Region they are created in.
2. ALBs require certificates to be in the same Region.
3. Multi-Region deployments require separate certificates in each Region.
Answer
The correct answer is: C