AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company is creating a REST API. The company has strict requirements for the use of TLS. The company requires TLSv1.3 on the API endpoints. The company also requires a specific public third-party certificate authority (CA) to sign the TLS certificate.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use a local machine to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.

Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.

Use AWS Certificate Manager (ACM) to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.

Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.

Explanation:

Explanation

Correct Answer: B

Why Option B is correct:

TLSv1.3 support: Amazon API Gateway supports TLSv1.3 for custom domain names when using certificates from ACM.
Third-party CA requirement: ACM allows you to import certificates from third-party certificate authorities, but the question states to "create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA" - this is possible through ACM's certificate import feature.
API Gateway integration: API Gateway with custom domains can use certificates from ACM to provide TLS termination.

Why other options are incorrect:

Option A: While this could technically work (importing a certificate created locally), it's unnecessarily complex. The question asks for the solution that meets the requirements, and Option B is more straightforward and uses AWS-native services properly.

Option C: This option is contradictory - it says "Use AWS Certificate Manager (ACM) to create a certificate" and then "Import the certificate into AWS Certificate Manager (ACM)" - this doesn't make sense as you can't create and then import the same certificate. Also, Lambda function URLs have limitations compared to API Gateway.

Option D: Lambda function URLs don't provide the same level of API management features as API Gateway and may have different TLS support characteristics. API Gateway is the AWS-recommended service for building REST APIs.

Key AWS Concepts:

AWS Certificate Manager (ACM): Manages SSL/TLS certificates for AWS services
API Gateway Custom Domains: Allow you to use your own domain name with API Gateway
TLSv1.3: The latest version of TLS protocol, supported by API Gateway with ACM certificates
Third-party CA certificates: Can be imported into ACM for use with AWS services

Best Practice: For REST APIs requiring TLSv1.3 and specific CA requirements, use API Gateway with custom domains and ACM certificates.

Powered ByGPT-5.2

Comments

Loading comments...