Question #1993
A company hosts a video-sharing platform on AWS. Users upload videos stored in an Amazon S3 bucket in the eu-west-1 Region. The company wants to use Amazon CloudFront with a custom domain for video uploads. Which solutions meet these requirements? (Choose two.)
Use AWS Certificate Manager (ACM) to create a public certificate in the us-east-1 Region. Use the certificate in CloudFront.
Use AWS Certificate Manager (ACM) to create a public certificate in eu-west-1. Use the certificate in CloudFront.
Configure Amazon S3 to allow uploads from CloudFront. Configure S3 Transfer Acceleration.
Configure Amazon S3 to allow uploads from CloudFront origin access control (OAC).
Configure Amazon S3 to allow uploads from CloudFront. Configure an Amazon S3 website endpoint.
Explanation
Answer A is correct because AWS Certificate Manager (ACM) certificates for CloudFront must be created in the us-east-1 Region. Answer D is correct because CloudFront uses Origin Access Control (OAC) to securely access the S3 bucket. Option B is incorrect as ACM certificates for CloudFront cannot be in eu-west-1. Option C is unnecessary since CloudFront handles uploads without Transfer Acceleration. Option E is invalid because S3 website endpoints are not designed for CloudFront uploads. Key points: CloudFront requires ACM in us-east-1; OAC secures S3 access via CloudFront.
Answer
The correct answer is: AD