You work in a DevOps team, and your team maintains several applications deployed in AWS. At the moment, there are dozens of server certificates stored in IAM. These certificates are used for different purposes and have different expiry date. You have to renew the certificates before they expire. Otherwise, the services will be impacted. You want to use another approach to renew and manage these certificates. Which method is the best?

Answer options:

A.In the IAM console, add a new strategy for server certificates to renew one month before the expiry date automatically.
B.Provision and manage the server certificates in AWS Certificate Manager (ACM). The certificates requested from ACM are automatically renewed.
C.In IAM console, migrate the certificates from IAM to ACM then ACM can automatically renew the certificates one month before the expiry date.
D.Import all third-party certificates into ACM. ACM is responsible for the automatic renew for both third-party certificates and ACM provided certificates.

Correct Answer – B
Check https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html on how to manage server certificates in IAM and ACM.
Option A is incorrect: Because for the imported server certificates in IAM, there is no IAM console to manage them. This is one major disadvantage of managing certificates in IAM.
Option B is CORRECT: Because ACM is a preferred solution. Certificates requested by ACM are free and automatically renew.
Option C is incorrect: Because you cannot migrate the certificates from IAM to ACM directly. There is no such console to do that. For ACM, you can import third-party certificates to the service.
Option D is incorrect: Because ACM cannot automatically renew imported third-party certificates. You are responsible for monitoring the expiration date.Please check the reference in
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html