AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.
What should a solutions architect do to meet this requirement?
Other
Community
UAnonymous
A
Update the ALB's network ACL to accept only HTTPS traffic.
B
Create a rule that replaces the HTTP in the URL with HTTPS.
C
Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
D
Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).
Explanation:
Explanation
The correct answer is C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
Why this is correct:
- Application Load Balancer (ALB) supports HTTP to HTTPS redirection: ALBs have built-in functionality to redirect HTTP traffic (port 80) to HTTPS (port 443) using listener rules.
- Listener rules configuration: You can create a rule on the HTTP listener (port 80) that redirects all traffic to HTTPS. This is a standard best practice for enforcing HTTPS.
- Automatic redirection: When configured properly, any HTTP request will automatically be redirected to HTTPS with a 301 or 302 HTTP status code.
Why the other options are incorrect:
A. Update the ALB's network ACL to accept only HTTPS traffic.
- Network ACLs are network-level security controls that filter traffic at the subnet level, not at the ALB level.
- Blocking HTTP at the network level would prevent users from accessing the site entirely, rather than redirecting them to HTTPS.
B. Create a rule that replaces the HTTP in the URL with HTTPS.
- While this describes the concept of redirection, it's not the precise AWS implementation.
- ALBs use specific listener rules for redirection, not URL manipulation rules.
D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).
- Network Load Balancers (NLBs) operate at Layer 4 (transport layer) and don't support HTTP/HTTPS redirection.
- SNI is for serving multiple SSL certificates on the same IP address, not for HTTP to HTTPS redirection.
- Replacing an ALB with an NLB would remove application-layer functionality needed for this requirement.
Implementation Steps:
- Create an HTTPS listener on port 443 with your SSL certificate.
- Configure the HTTP listener (port 80) with a redirect rule to HTTPS.
- The rule should redirect all HTTP requests to HTTPS with the same host, path, and query string.
This approach ensures all users are automatically redirected to the secure HTTPS version of your website, improving security and meeting the requirement.
Comments
Loading comments...