While preparing for the AWS SAP-C02 exam, many candidates get confused by HTTP/HTTPS redirection methods. In the real world, this is fundamentally a decision balancing operational simplicity vs. latency and cost optimization. Let’s drill into a simulated scenario.
The Scenario
A fast-growing digital marketing startup, BrightPath Media, recently acquired 10 new branded domains representing different campaigns worldwide. They want a centralized solution to redirect visitor requests from each domain to a unique marketing landing URL defined in a JSON configuration file. All DNS records for these domains are managed in Amazon Route 53. BrightPath Media requires the redirection service to accept both HTTP and HTTPS requests, enforce secure certificates, and minimize operational overhead and maintenance complexity.
Key Requirements
Design an architecture that provides efficient multi-domain HTTP/HTTPS redirection using the JSON mappings, minimizes ongoing operations effort, ensures secure TLS handling with certificates, and scales cost-effectively.
The Options
- A) Deploy a dynamic web application on Amazon EC2 instances that parses the JSON and returns redirect responses.
- B) Configure an Application Load Balancer with both HTTP and HTTPS listeners in front of instances.
- C) Build an AWS Lambda function that reads from the JSON document and returns the redirect URL dynamically.
- D) Expose the Lambda function through Amazon API Gateway with a custom domain for handling requests.
- E) Deploy a CloudFront distribution with Lambda@Edge functions to perform redirect logic at the edge.
- F) Use AWS Certificate Manager (ACM) to provision an SSL certificate including all domain names as SANs.
Correct Answer
Options C, E, and F.
Step-by-Step Winning Logic
- Lambda function (C) is ideal for serverless, event-driven logic to parse JSON and decide redirect targets dynamically without infrastructure management.
- Deploying Lambda@Edge with CloudFront (E) enables executing the redirect logic at edge locations, reducing latency globally, enhancing user experience, and avoiding centralized bottlenecks.
- Using ACM certificates (F) for all domain names eliminates manual certificate issuance/renewal, secures HTTPS, and integrates seamlessly with CloudFront.
This combination provides the best trade-off balancing low operational effort (serverless), global performance (edge compute), security (HTTPS via ACM), and cost efficiency (pay per execution + CloudFront pricing).
The Traps (Distractor Analysis)
- A (EC2 with dynamic website): Involves managing servers, scaling, patching, and introduces single points of failure — high ops overhead and cost.
- B (ALB with HTTP/HTTPS listeners): Requires backend instances which increase costs and ops effort versus serverless; also more complex.
- D (API Gateway + custom domain): Adds significant API Gateway costs and management overhead; less efficient than CloudFront edge for HTTP redirects.
💎 The Architect’s Deep Dive: Why Options Fail
The Architect Blueprint
Mermaid Diagram illustrating the flow of the correct solution.
```mermaid
flowchart TB
    A((User)) -->|"HTTP/HTTPS"| B[CloudFront]
    B -->|Trigger| C["Lambda@Edge"]
    C -->|Read| D["Redirect Map JSON"]
    C -->|301 / 302| B
    B -->|Redirect| A
    E[ACM SSL Cert] -->|TLS| B
    classDef node fill:#f8fafc,stroke:#64748b,stroke-width:1.5px,color:#0f172a
    classDef accent fill:#dbeafe,stroke:#3b82f6,stroke-width:2px,color:#1e40af
    classDef cert fill:#f0fdfa,stroke:#14b8a6,stroke-width:1.5px
    class A,B,C,D,E node
    class B,C accent
    class E cert
    linkStyle default stroke:#64748b,stroke-width:1.5px
```
Diagram Note: User requests hit CloudFront with ACM-managed SSL cert. Lambda@Edge reads JSON config to route the user with HTTP redirects globally at low latency without server management.
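The redirect step in the diagram, sketched as a Lambda@Edge viewer-request handler. This is an added example, not code from the original scenario: the domains, landing URLs and the names `REDIRECT_MAP`, `normalizeHost` and `redirectFor` are hypothetical. It redirects only to URLs present in the map, so an unexpected `Host` value can never steer the `Location` header.

```javascript
// Constructed sample map (hypothetical domains and landing URLs). Lambda@Edge
// has no environment variables, so the JSON ships inside the deployment package.
const REDIRECT_MAP = {
  'campaign-one.example': 'https://www.example.com/landing/one',
  'campaign-two.example': 'https://www.example.com/landing/two',
};

// Normalize the Host header: lowercase, then drop a port and a trailing dot.
function normalizeHost(raw) {
  return String(raw || '').trim().toLowerCase()
    .replace(/:\d+$/, '')
    .replace(/\.$/, '');
}

// Build the response CloudFront returns for a viewer-request event.
// The request path and query string are deliberately not appended.
function redirectFor(request) {
  const hostHeader = (request.headers.host || [])[0];
  const host = normalizeHost(hostHeader && hostHeader.value);
  // Own-property lookup only, so "__proto__" or "constructor" never match.
  const known = Object.prototype.hasOwnProperty.call(REDIRECT_MAP, host);
  if (!known) {
    // Unknown host: fail closed instead of echoing request data (open redirect).
    return {
      status: '404',
      statusDescription: 'Not Found',
      headers: { 'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
    };
  }
  return {
    status: '301',
    statusDescription: 'Moved Permanently',
    headers: {
      location: [{ key: 'Location', value: REDIRECT_MAP[host] }],
      'cache-control': [{ key: 'Cache-Control', value: 'max-age=3600' }],
    },
  };
}

// Entry point for the CloudFront viewer-request trigger.
async function handler(event) {
  return redirectFor(event.Records[0].cf.request);
}

if (typeof module !== 'undefined') module.exports = { handler, redirectFor };
```

For CloudFront, both the ACM certificate and the Lambda@Edge function must be created in us-east-1.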
The Decision Matrix
| Option | Est. Complexity | Est. Monthly Cost (Quantified) | Pros | Cons |
|---|---|---|---|---|
| A) EC2 Dynamic App | High | High ($500+) | Full control, flexible | High ops cost, patching, scaling needed |
| B) ALB with Listeners | Medium | Medium ($200+) | Managed load balancing | Needs backend infra, higher ops |
| C) Lambda Function | Low | Low ($20 - $50) | Serverless, auto scaling | Cold start latency though minimal here |
| D) API Gateway + Lambda | Medium | Medium-High ($100+) | Managed API endpoint | More expensive than CloudFront for redirection |
| E) CloudFront + Lambda@Edge | Medium | Medium ($50 - $100) | Global low latency, serverless, secure | Slightly higher complexity to set up |
| F) ACM SSL Cert | Low | Free (for ACM) | No maintenance, automatic renewals | Limited to supported domains |
Real-World Practitioner Insight
Exam Rule
For the AWS SAP-C02 exam, always consider Lambda@Edge + CloudFront for global HTTP/HTTPS redirection with multi-domain support, especially when domain mappings are dynamic.