
Answer-first summary for fast verification
Answer: Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.
## Explanation

**Correct Answer: B**

**Why Option B is correct:**

1. **TLSv1.3 support**: Amazon API Gateway supports TLSv1.3 for custom domain names when using certificates from ACM.
2. **Third-party CA requirement**: ACM allows you to import certificates from third-party certificate authorities, but the question states to "create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA" - this is possible through ACM's certificate import feature.
3. **API Gateway integration**: API Gateway with custom domains can use certificates from ACM to provide TLS termination.

**Why other options are incorrect:**

**Option A**: While this could technically work (importing a certificate created locally), it's unnecessarily complex. The question asks for the solution that meets the requirements, and Option B is more straightforward and uses AWS-native services properly.

**Option C**: This option is contradictory - it says "Use AWS Certificate Manager (ACM) to create a certificate" and then "Import the certificate into AWS Certificate Manager (ACM)" - this doesn't make sense as you can't create and then import the same certificate. Also, Lambda function URLs have limitations compared to API Gateway.

**Option D**: Lambda function URLs don't provide the same level of API management features as API Gateway and may have different TLS support characteristics. API Gateway is the AWS-recommended service for building REST APIs.

**Key AWS Concepts:**

- **AWS Certificate Manager (ACM)**: Manages SSL/TLS certificates for AWS services
- **API Gateway Custom Domains**: Allow you to use your own domain name with API Gateway
- **TLSv1.3**: The latest version of TLS protocol, supported by API Gateway with ACM certificates
- **Third-party CA certificates**: Can be imported into ACM for use with AWS services

**Best Practice**: For REST APIs requiring TLSv1.3 and specific CA requirements, use API Gateway with custom domains and ACM certificates.
Author: LeetQuiz Editorial Team
A company is creating a REST API. The company has strict requirements for the use of TLS. The company requires TLSv1.3 on the API endpoints. The company also requires a specific public third-party certificate authority (CA) to sign the TLS certificate.
Which solution will meet these requirements?
A
Use a local machine to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.
B
Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.
C
Use AWS Certificate Manager (ACM) to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.
D
Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.