A WordPress blogging platform is hosted on Amazon EC2 instances. The EC2 instances are deployed behind an application load balancer to provide high availability. The security team has mandated that all client requests must be encrypted in transit with HTTPS. What is the most cost-effective solution to implement this requirement?

Answer options:

A.Configure Redirect HTTP to HTTPS Viewer Protocol Policy for CloudFront.
B.Configure ALB HTTPS Listener and forward the traffic on port 443 to the EC2 instances.
C.Configure Custom Domain Name on the Amazon API Gateway.
D.Configure HTTPS in the WordPress Settings.

Answer: B
Option A is incorrect because it would not be the most cost-effective solution as additional costs are associated with creating a CloudFront distribution.
Option B is CORRECT because you can create an HTTPS listener which uses encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions. The traffic is forwarded on port 443 to EC2 so that the traffic between ELB and EC2 is also encrypted.
Option C is incorrect because it would not be the most cost-effective solution as there would be additional costs associated with deploying an API gateway and configuring a custom domain.
Option D is incorrect because it would not be the most cost-effective solution as there would be additional costs associated with distributing SSL certificates to each backend server. It also increases the attack surface due to the presence of multiple copies of the certificate.
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/infrastructure-security.html