Design Solutions for Organizational Complexity II

Understand how to design advanced AWS solutions that address organizational complexity including centralized DNS, scalable EKS networking, integrated workforce identity, compliance through preventive controls, and secure cross-account data access. Learn practical techniques to manage multi-account environments with security and operational efficiency.

Question 6

A regulated enterprise has dozens of accounts under AWS Organizations. AWS workloads must resolve on-premises domains, such as corp.example.internal, and on-premises applications must resolve private hosted zone records for AWS services. DNS must be centrally managed and resilient across Availability Zones without deploying custom DNS servers in every VPC. (Select any three options.)

A. Create centralized Route 53 Resolver outbound endpoints across multiple Availability Zones and configure conditional forwarding rules for on-premises domains to corporate DNS servers over Direct Connect or Site-to-Site VPN.

B. Create Route 53 Resolver inbound endpoints across multiple Availability Zones and configure on-premises DNS conditional forwarders to send AWS private hosted zone queries to the inbound endpoint IP addresses.

C. Replace private hosted zones with public hosted zones for internal service names so that both AWS and on-premises clients can resolve the records without conditional forwarding.

D. Share Route 53 Resolver rules with workload accounts using AWS RAM, associate rules and required private hosted zones with the appropriate VPCs, and enable Route 53 Resolver query logging for centralized visibility.

E. Deploy EC2-based DNS servers in every workload ...