AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is developing a public-facing web application on AWS. The solutions architect must ensure end-to-end encryption of HTTP traffic while avoiding the operational burden of purchasing, uploading, and renewing SSL/TLS certificates manually. Which AWS service should the architect use to provision, manage, and automatically renew the required certificates?
Store and reference self-signed certificates in an Amazon S3 bucket
AWS Certificate Manager (ACM) lets you request public or private SSL/TLS certificates, deploy them to services such as Elastic Load Balancing, Amazon CloudFront, and Amazon API Gateway, and handles renewals automatically. AWS KMS manages encryption keys for data at rest, not certificates. AWS IAM Identity Center provides access management and federation, not certificate lifecycle management. Storing self-signed certificates in Amazon S3 still requires manual distribution, trust configuration, and renewal, providing no automation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are SSL and TLS, and why are they important?
Open an interactive chat with Bash
What does end-to-end encryption mean?
Open an interactive chat with Bash
What is a cloud provider's certificate management service?