
Design Solutions for Organizational Complexity II

Explore how to design advanced AWS architectures addressing organizational complexity, including centralized DNS resolution, scalable EKS networking, identity integration with corporate providers, enforced security baselines, and secure cross-account data sharing. This lesson helps you understand practical strategies for managing multi-account environments, ensuring resilience, security, and operational efficiency in enterprise AWS workloads.

Question 6

A regulated enterprise has dozens of accounts under AWS Organizations. AWS workloads must resolve on-premises domains, such as corp.example.internal, and on-premises applications must resolve private hosted zone records for AWS services. DNS must be centrally managed and resilient across Availability Zones without deploying custom DNS servers in every VPC. (Select any three options.)

A. Create centralized Route 53 Resolver outbound endpoints across multiple Availability Zones and configure conditional forwarding rules for on-premises domains to corporate DNS servers over Direct Connect or Site-to-Site VPN.

B. Create Route 53 Resolver inbound endpoints across multiple Availability Zones and configure on-premises DNS conditional forwarders to send AWS private hosted zone queries to the inbound endpoint IP addresses.

C. Replace private hosted zones with public hosted zones for internal service names so that both AWS and on-premises clients can resolve the records without conditional forwarding.

D. Share Route 53 Resolver rules with workload accounts using AWS RAM, associate rules and required private hosted zones with the appropriate VPCs, and enable Route 53 Resolver query logging for centralized visibility.

E. Deploy EC2-based DNS servers in every workload ...