Skip to Content

DVA-C02: How to Use CloudFront and a Custom Domain for API Gateway

Learn how to configure a custom domain name for your Amazon API Gateway REST API using Amazon CloudFront and AWS Certificate Manager. Find out the steps to import your SSL/TLS certificate and create a DNS CNAME record.

Question

A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.

How should the developer configure the custom domain for the application?

A. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.

B. Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.

C. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.

D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Answer

D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Explanation

The correct answer is D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

To use Amazon CloudFront and a custom domain name for an API Gateway REST API, the developer needs to create an edge-optimized custom domain name for the API. An edge-optimized custom domain name uses a CloudFront distribution to route requests to the API endpoint. To create an edge-optimized custom domain name, the developer must have an SSL/TLS certificate that is imported or requested from AWS Certificate Manager (ACM) in the us-east-1 Region. This is because CloudFront requires certificates that are issued by ACM or a trusted certificate authority, and ACM certificates can only be used with CloudFront if they are in the us-east-1 Region.

After importing or requesting the certificate in ACM, the developer can create the custom domain name in API Gateway and choose the certificate from ACM. API Gateway will then create a CloudFront distribution and assign a default domain name for the custom domain name. The developer can then create a DNS CNAME record to map the custom domain name to the default domain name provided by API Gateway.

Option A is incorrect because importing the SSL/TLS certificate into ACM in the same Region as the API will not work for an edge-optimized custom domain name. The certificate must be in the us-east-1 Region to be used with CloudFront.

Option B is incorrect because importing the SSL/TLS certificate into CloudFront is not possible. The certificate must be imported or requested from ACM in the us-east-1 Region.

Option C is incorrect because creating a DNS A record for the custom domain is not recommended for an edge-optimized custom domain name. A DNS A record maps a domain name to an IP address, which can change over time for a CloudFront distribution. A DNS CNAME record maps a domain name to another domain name, which is more stable and reliable.

The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.

AWS Certified Developer - Associate DVA-C02 Exam Questions and Answers

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.