Answer: Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.

To meet the requirements of encrypting all traffic at all stages between the customers and the application servers without allowing decryption at intermediate points, the best solution is to use an Application Load Balancer (ALB) with an HTTPS listener. This setup ensures that the traffic is encrypted in transit from the customer to the ALB and from the ALB to the EC2 instances, as the ALB can terminate the HTTPS connection and then re-encrypt the traffic to the backend instances. Option A is the correct choice because it directly addresses the requirement for end-to-end encryption without decryption at intermediate points. Option B, using Amazon CloudFront, is not suitable because CloudFront is a content delivery network (CDN) and not designed to directly distribute traffic to EC2 instances in an Auto Scaling group in the manner described. Option C, using a Network Load Balancer (NLB) with a TCP listener, does not inherently provide encryption for the traffic between the NLB and the EC2 instances. Option D, using a Gateway Load Balancer (GLB), is not relevant to this scenario as GLB is designed for deploying, scaling, and managing third-party virtual appliances, not for distributing web application traffic.

Author: LeetQuiz Editorial Team