Learn how to configure a custom domain name for your Amazon API Gateway REST API using Amazon CloudFront and AWS Certificate Manager. Find out the steps to import your SSL/TLS certificate and create a DNS CNAME record.
Question
A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.
How should the developer configure the custom domain for the application?
A. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.
B. Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.
C. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.
D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.
Answer
D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.
Explanation
The correct answer is D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.
To use Amazon CloudFront and a custom domain name for an API Gateway REST API, the developer needs to create an edge-optimized custom domain name for the API. An edge-optimized custom domain name uses a CloudFront distribution to route requests to the API endpoint. To create an edge-optimized custom domain name, the developer must have an SSL/TLS certificate that is imported or requested from AWS Certificate Manager (ACM) in the us-east-1 Region. This is because CloudFront requires certificates that are issued by ACM or a trusted certificate authority, and ACM certificates can only be used with CloudFront if they are in the us-east-1 Region.
After importing or requesting the certificate in ACM, the developer can create the custom domain name in API Gateway and choose the certificate from ACM. API Gateway will then create a CloudFront distribution and assign a default domain name for the custom domain name. The developer can then create a DNS CNAME record to map the custom domain name to the default domain name provided by API Gateway.
Option A is incorrect because importing the SSL/TLS certificate into ACM in the same Region as the API will not work for an edge-optimized custom domain name. The certificate must be in the us-east-1 Region to be used with CloudFront.
Option B is incorrect because importing the SSL/TLS certificate into CloudFront is not possible. The certificate must be imported or requested from ACM in the us-east-1 Region.
Option C is incorrect because creating a DNS A record for the custom domain is not recommended for an edge-optimized custom domain name. A DNS A record maps a domain name to an IP address, which can change over time for a CloudFront distribution. A DNS CNAME record maps a domain name to another domain name, which is more stable and reliable.
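The procedure described in the explanation, written out as AWS CLI calls. This is an added example, not part of the original page. The domain `api.example.com`, the PEM file names and the hosted zone ID are placeholders, and the TLS 1.2 security policy is an optional hardening setting the page does not mention.

```shell
# Edge-optimized custom domain for a REST API in us-east-2 (added example).
API_REGION="us-east-2"            # Region of the REST API, from the question
CERT_REGION="us-east-1"           # ACM Region required for edge-optimized domains
DOMAIN="api.example.com"          # placeholder custom domain
HOSTED_ZONE_ID="ZONE_ID_PLACEHOLDER"

# Step 1: import the third-party certificate into ACM in us-east-1.
# Args: certificate file, private key file, chain file. Prints the certificate ARN.
import_cert() {
  aws acm import-certificate --region "$CERT_REGION" \
    --certificate "fileb://$1" --private-key "fileb://$2" \
    --certificate-chain "fileb://$3" \
    --query CertificateArn --output text
}

# ACM ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
cert_region() { printf '%s\n' "$1" | cut -d: -f4; }

# Step 2: create the edge-optimized domain. Refuses a certificate that is not
# in us-east-1. Prints the distribution domain name that API Gateway assigns.
create_edge_domain() {
  if [ "$(cert_region "$1")" != "$CERT_REGION" ]; then
    echo "certificate must be in $CERT_REGION for an edge-optimized domain" >&2
    return 1
  fi
  aws apigateway create-domain-name --region "$API_REGION" \
    --domain-name "$DOMAIN" --certificate-arn "$1" \
    --endpoint-configuration types=EDGE --security-policy TLS_1_2 \
    --query distributionDomainName --output text
}

# Step 3: CNAME from the custom domain to the distribution domain name ($1).
cname_change_batch() {
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"%s"}]}}]}\n' "$DOMAIN" "$1"
}

apply_cname() {
  aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" \
    --change-batch "$(cname_change_batch "$1")"
}

# Typical run (file names are placeholders):
#   arn=$(import_cert cert.pem key.pem chain.pem)
#   target=$(create_edge_domain "$arn") && apply_cname "$target"
```

The Route 53 step applies only if the zone is hosted there; with another DNS provider, create the same CNAME record in that provider's console.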