You’ve developed an application that is going to be hosted on an EC2 Instance. The company has decided to use Cloudfront to distribute the content. The IT Security department has mandated that the traffic is encrypted between Cloudfront and the Viewer and Cloudfront and its origin. How can you achieve this? Choose 2 answers from the options given below.

Answer options:

A.Ensure that HTTP is mapped to port 443 at the origin.
B.Ensure that KMS keys are used to encrypt the traffic.
C.Ensure that the Viewer Protocol policy is set to HTTPS only or Redirect HTTP to HTTPS.
D.Ensure that the Origin Protocol policy is set to HTTPS only.

Answer – C and D
This is given in the AWS Documentation.
Since this is clearly given in the documentation, all other options are incorrect.
For more information on configuring HTTPS between the Viewer and Cloudfront and the Origin and Cloudfront, please refer to the below URLs-
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html