
Explanation:
To associate a Route 53 private hosted zone (PHZ) in one account (Account B) with a VPC in another account (Account A), the account that owns the PHZ (Account B) must first create a VPC association authorization using the AWS CLI or API. Once the authorization is created, the account that owns the VPC (Account A) can run the association command to link its VPC to the hosted zone. (Note: Option D in the provided text contains a known transcript typo at the end describing the final command variables, but it is the only option that correctly identifies Account B as the initiator for creating the VPC association authorization.)
Question 21
A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS. A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B. What should a SysOps administrator do to meet these requirements?
A
In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.
B
In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.
C
In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.
D
In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.