Exam ANS-C01
Question 194

A company is using an Amazon CloudFront distribution that is configured with an Application Load Balancer (ALB) as an origin. A network engineer needs to implement a solution that requires all inbound traffic to the ALB to come from CloudFront. The network engineer must implement the solution at the network layer rather than in the application.

Which solution will meet these requirements in the MOST operationally efficient way?

    Correct Answer: A

    The requirement is to ensure all inbound traffic to the Application Load Balancer (ALB) originates from CloudFront, implemented at the network layer. Adding an inbound rule to the ALB's security group using the AWS managed prefix list for CloudFront ensures that only traffic from CloudFront is allowed. AWS managed prefix lists simplify configuring and maintaining IP addresses in security groups. Therefore, this is the most operationally efficient way to meet the requirement.
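An added example, not part of the original page: a check that a security group's inbound rules admit only the CloudFront managed prefix list, run over constructed JSON in the shape of `aws ec2 describe-security-groups` output. The group IDs and the prefix list ID `pl-0cloudfrontexample` are placeholders; the real ID is region-specific and is looked up by the list name `com.amazonaws.global.cloudfront.origin-facing`.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and the prefix-list ID are placeholders, not real resources.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaaaaaaexample1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
     "Ipv6Ranges": [], "UserIdGroupPairs": [],
     "PrefixListIds": [{"PrefixListId": "pl-0cloudfrontexample"}]}]},
  {"GroupId": "sg-0bbbbbbbexample2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": [],
     "PrefixListIds": [{"PrefixListId": "pl-0cloudfrontexample"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": [],
     "PrefixListIds": []}]}
]}
""")


def non_cloudfront_sources(group, cloudfront_pl_id):
    """Return (port_range, source) pairs for inbound rules that admit
    traffic from anything other than the CloudFront prefix list."""
    findings = []
    for perm in group.get("IpPermissions", []):
        # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic).
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])
                    if p["PrefixListId"] != cloudfront_pl_id]
        findings += [(ports, s) for s in sources]
    return findings


def audit(doc, cloudfront_pl_id):
    """Map each security group ID to its list of non-CloudFront sources."""
    return {g["GroupId"]: non_cloudfront_sources(g, cloudfront_pl_id)
            for g in doc["SecurityGroups"]}


if __name__ == "__main__":
    for gid, bad in audit(SAMPLE, "pl-0cloudfrontexample").items():
        print(gid, "OK" if not bad else f"FAIL {bad}")
```

An empty findings list means no inbound rule bypasses CloudFront; the second constructed group fails because a `0.0.0.0/0` rule sits beside the prefix-list rule and still admits direct traffic.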

Discussion
veyisceylan

It is asking for a solution at the network layer rather than the application layer. Therefore it is A in my opinion. A managed prefix list is a set of one or more CIDR blocks. You can use prefix lists to make it easier to configure and maintain your security groups and route tables.

rdiaz (Option: C)

CloudFront header and ALB condition

AXH

Voting for C.

Blitz1 (Option: A)

A because it is saying at the network layer. https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-cloudfront-managed-prefix-list/