Topic 1 Question 79
A company has a hybrid cloud environment. The company’s data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.
The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.
The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.
Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)
A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.
B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.
C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add the necessary records that point to the interface endpoint. Associate the private hosted zone with the other VPCs.
D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with the previously created necessary records that point to the interface endpoint. Associate the private hosted zone with the other VPCs.
E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises.
F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.
Comments (8)
To access interface endpoints through other VPCs, we need to:
- Disable private DNS for VPC endpoints
- Create PHZ e.g. sqs.us-east-1.amazonaws.com
- Create Alias record pointing to VPC endpoint DNS
- Associate PHZ with all the spoke VPCs
Hence, the answer is B, C and E.
👍 5 study_aws1 2023/04/25
Options I think are correct: BCE
The SQS interface endpoint needs to be created in the hub VPC because it must be accessible from on premises. -> B is correct. Because B is correct, you can’t use the automatically created private hosted zone. You need to manually create one. -> C is correct. And for access, E is correct.
👍 4 rhinozD 2023/04/29
BCF. Disable Private DNS. Create PHZ (because DNS is disabled). Create Alias to interface endpoint. Associate with spokes.
👍 3 kenibe321 2023/04/29
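The procedure the commenters outline (endpoint in the hub VPC with private DNS off, a manually managed private hosted zone for sqs.us-east-1.amazonaws.com, an alias record to the endpoint, and associations with every spoke VPC) as a Terraform configuration. This is an added example, not code from the exam page or any commenter; every VPC, subnet and CIDR value is an assumed placeholder, and the region is assumed to be us-east-1 as in the answer options.

```hcl
# Added example: interface endpoint for SQS in the hub VPC, resolvable from
# spoke VPCs and from on premises. All IDs and CIDRs are assumed placeholders.

locals {
  region        = "us-east-1"
  hub_vpc_id    = "vpc-0hub0000000000000"                               # assumption
  hub_subnets   = ["subnet-0hub0az1000000000", "subnet-0hub0az2000000000"] # assumption
  spoke_vpc_ids = ["vpc-0spoke1000000000", "vpc-0spoke2000000000"]     # assumption
  client_cidrs  = ["10.0.0.0/8", "172.16.0.0/12"]                       # spokes + on-prem, assumption
}

# Only HTTPS from the client ranges may reach the endpoint ENIs.
resource "aws_security_group" "sqs_endpoint" {
  name   = "sqs-interface-endpoint"
  vpc_id = local.hub_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = local.client_cidrs
  }
}

resource "aws_vpc_endpoint" "sqs" {
  vpc_id             = local.hub_vpc_id
  service_name       = "com.amazonaws.${local.region}.sqs"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = local.hub_subnets
  security_group_ids = [aws_security_group.sqs_endpoint.id]

  # Option B. With private_dns_enabled = true, AWS creates a managed private
  # hosted zone that is bound to the hub VPC only and cannot be associated with
  # the spoke VPCs, so spoke clients would keep resolving the public SQS IPs.
  private_dns_enabled = false
}

# Option C: our own PHZ for the public SQS name, initially bound to the hub VPC
# so that on-prem queries forwarded to the hub's inbound Resolver endpoint also
# hit it.
resource "aws_route53_zone" "sqs_private" {
  name    = "sqs.${local.region}.amazonaws.com"
  comment = "Overrides the public SQS name with the interface endpoint"

  vpc {
    vpc_id = local.hub_vpc_id
  }

  # Spoke associations are managed by aws_route53_zone_association below.
  lifecycle {
    ignore_changes = [vpc]
  }
}

# Alias the zone apex to the endpoint's regional DNS name (dns_entry[0]);
# the remaining dns_entry items are the per-AZ names.
resource "aws_route53_record" "sqs_apex" {
  zone_id = aws_route53_zone.sqs_private.zone_id
  name    = "sqs.${local.region}.amazonaws.com"
  type    = "A"

  alias {
    name                   = aws_vpc_endpoint.sqs.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.sqs.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}

# Associate the PHZ with every spoke VPC so their Route 53 Resolver answers
# sqs.us-east-1.amazonaws.com with the endpoint's private IPs.
resource "aws_route53_zone_association" "spokes" {
  for_each = toset(local.spoke_vpc_ids)
  zone_id  = aws_route53_zone.sqs_private.zone_id
  vpc_id   = each.value
}

output "sqs_endpoint_dns_names" {
  value = [for e in aws_vpc_endpoint.sqs.dns_entry : e.dns_name]
}
```

Two checks after apply: from an instance in a spoke VPC, `dig sqs.us-east-1.amazonaws.com` must return the endpoint ENI addresses in the hub subnets rather than public IPs, and the on-premises DNS servers need a conditional forwarder for sqs.us-east-1.amazonaws.com that points at the IPs of the hub VPC's inbound Resolver endpoint, since only queries entering through that endpoint are answered from the private hosted zone. If the zone is left associated with the hub VPC only (the `aws_route53_zone_association` block omitted), spoke clients silently fall back to the public name and their SQS traffic leaves the private network, which is the failure mode the question is about.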