Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 330 discussion

C ALB is public resource EC2 must be in private subnet CLoudFront to distribute

Yeah, it's C: https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/

C. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin. This option provides a balance between availability, performance, and security. The EC2 instances, which host the application and database, are located in private subnets, which reduces the exposure to the public internet. The public ALB provides the necessary network accessibility while CloudFront delivers the HTTPS content as close to the edge as possible, improving delivery time.

A and D rules out as EC2 are in Publci subnets and hence Not Secure. B is having EC2 as CF origin and this is not supported.

Answer is B. If you deliver https content at cloudfront with origins as ALB. The TLS termination will be on Cloud front and communication between cloudfront and ALB which is in Public subnet will be unencrypted. Hence, Terminating https at ALB is most Secure.

C, private EC2 instances and public ALB

It should be C

I think the answer is A, because they don't want the HTTPS origin on the "edge" along with the ALB and not processed through a NAT on a private subnet. Answer "A" has EC2 web servers in the same subnet as the LB for "least delivery time."

c la, already wrong on the answer ar

Answer is C. For EC2 to be Origin of CloudFront it needs to be in public subnet

c for sure

Curious as to why B is marked as the answer. Why go to all the trouble to create the ALB and then use the EC2 as the origin?

Go CCCCC

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C is the answer. Why you want to make cloud front read data from EC2. When you've application load balancer in front of EC@

Will go ahead with 'C'.

C is ok