Correct Answer – D
When your origin is an Amazon S3 bucket that supports HTTPS communication, CloudFront always forwards requests to S3 by using the protocol that viewers used to submit the requests. The default value of the Origin Protocol Policy setting is Match Viewer and can't be changed.
If you want to require HTTPS for communication between CloudFront and Amazon S3, you must change the value of Viewer Protocol Policy to Redirect HTTP to HTTPS or HTTPS Only. The procedure later in this section explains how to use the CloudFront console to change the Viewer Protocol Policy. For information about using the CloudFront API to update the ViewerProtocolPolicy element for a distribution, see UpdateDistribution in the Amazon CloudFront API Reference.
Option A is incorrect because redirecting HTTP to HTTPS is not the default behaviour for CloudFront.
Option B is incorrect because with this option HTTP requests are not automatically redirected to HTTPS, so it does not achieve the requirement.
HTTPS Only:
Viewers can access your content only if they're using HTTPS. If a viewer sends an HTTP request instead of an HTTPS request, CloudFront returns HTTP status code 403 (Forbidden) and does not return the object.
Option C is incorrect because the Origin Protocol Policy setting is "Match Viewer" and can't be changed. For details, see the references below.
Option D is CORRECT because this configuration in Viewer Protocol Policy helps to automatically redirect HTTP requests to HTTPS requests.
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
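
The rule above can be checked against a distribution's configuration. The following is an added example, not taken from the AWS documentation: it audits a DistributionConfig-shaped dictionary for cache behaviors whose Viewer Protocol Policy still lets HTTP reach an S3 origin. The sample configuration, origin names and function names are constructed for illustration.

```python
# Added example: offline audit of a CloudFront DistributionConfig-shaped dict.
# Viewer policies that guarantee HTTPS on the CloudFront-to-S3 hop.
HTTPS_ENFORCING = {"redirect-to-https", "https-only"}

# What a plain-HTTP viewer request gets under each policy, per the text above.
HTTP_OUTCOME = {
    "allow-all": "served, and forwarded to S3 over HTTP (Match Viewer)",
    "redirect-to-https": "redirected to HTTPS",
    "https-only": "403 Forbidden",
}

def iter_behaviors(config):
    """Yield (path pattern, behavior) for the default and every other behavior."""
    yield "(default)", config["DefaultCacheBehavior"]
    for behavior in config.get("CacheBehaviors", {}).get("Items") or []:
        yield behavior["PathPattern"], behavior

def audit_s3_viewer_policy(config):
    """Return the behaviors that allow HTTP through to an S3 origin."""
    origins = {o["Id"]: o for o in config["Origins"]["Items"]}
    findings = []
    for path, behavior in iter_behaviors(config):
        origin = origins.get(behavior["TargetOriginId"])
        if origin is None or "S3OriginConfig" not in origin:
            continue  # custom origins carry their own OriginProtocolPolicy
        policy = behavior["ViewerProtocolPolicy"]
        if policy not in HTTPS_ENFORCING:
            findings.append({"path": path, "origin": origin["Id"], "policy": policy,
                             "http_request": HTTP_OUTCOME.get(policy, "unknown policy")})
    return findings

# Constructed sample; a real one would come from the GetDistributionConfig API.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 2, "Items": [
        {"Id": "s3-assets", "DomainName": "example-bucket.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "api-backend", "DomainName": "api.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "s3-assets",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 3, "Items": [
        {"PathPattern": "/public/*", "TargetOriginId": "s3-assets", "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/api/*", "TargetOriginId": "api-backend", "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/private/*", "TargetOriginId": "s3-assets", "ViewerProtocolPolicy": "https-only"},
    ]},
}

if __name__ == "__main__":
    for finding in audit_s3_viewer_policy(SAMPLE_CONFIG):
        print(finding)
```

Only the `/public/*` behavior is reported: it targets the S3 origin with `allow-all`, so an HTTP viewer request would be forwarded to S3 over HTTP.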