Q45 — AWS ANS-C01 Ch.1
A global company is designing a hybrid architecture to privately access AWS resources in the us-west-2 Region. The company's existing architecture includes a VPC that uses RFC 1918 IP address space. The VPC is connected to an on-premises data center over AWS Direct Connect. Amazon Route 53 provides name resolution within the VPC. Locally managed DNS servers in the data center provide DNS services to the on-premises hosts. The company has applications in the data center that need to download objects from an Amazon S3 bucket in us-west-2. Which solution can the company use to access Amazon S3 without using the public IP address space?
- A. Create an S3 interface endpoint in the VPC. Update the on-premises application configuration to use the Regional VPC endpoint DNS hostname that is mapped to the S3 interface endpoint.
- B. Create an S3 interface endpoint in the VPC. Configure a Route 53 Resolver inbound endpoint in the VPC. Set up the data center DNS servers to forward DNS queries for the S3 domain from on premises to the inbound endpoint. ✓
- C. Create an S3 gateway endpoint in the VPC. Update the on-premises application configuration to use the hostname that is mapped to the S3 gateway endpoint.
- D. Create an S3 gateway endpoint in the VPC. Configure a Route 53 Resolver inbound endpoint in the VPC. Set up the data center DNS servers to forward DNS queries for the S3 domain from on premises to the inbound endpoint.
Correct Answer: B. Create an S3 interface endpoint in the VPC. Configure a Route 53 Resolver inbound endpoint in the VPC. Set up the data center DNS servers to forward DNS queries for the S3 domain from on premises to the inbound endpoint.
Explanation
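To access Amazon S3 from the on-premises data center without using public IP address space, the company needs a private access path. Option B provides a solution that achieves this through AWS Direct Connect and Route 53 Resolver. Specifically, the company creates an S3 interface endpoint in the VPC and configures a Route 53 Resolver inbound endpoint. The data center DNS servers can then forward DNS queries for the S3 domain to the inbound endpoint in the VPC, which gives private DNS resolution and private access. This solution avoids public IP addresses and meets the requirement in the question. The other options either use a gateway endpoint, which does not support the S3 interface endpoint (C and D), or do not make full use of Route 53 Resolver for private DNS resolution (A).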