Q90 — AWS SOA-C02 Ch.1
A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS. A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B. What should a SysOps administrator do to meet these requirements?
- A. In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.
- B. In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.
- C. In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.
- D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A. ✓
Correct Answer: D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.
Explanation
AWS allows Route 53 private hosted zones to be shared across accounts. According to the AWS documentation, the owner of the private hosted zone must use the AWS CLI in Account B to create a VPC association authorization that authorizes the VPC in Account A to access the zone. The administrator of Account A then associates the VPC from Account B with that private hosted zone. The process described in option D matches this mechanism, whereas the other options involve resource ownership or an order of operations that does not match the steps for sharing a private hosted zone across AWS accounts. The official AWS guide states explicitly that the association authorization must be initiated from the account that owns the hosted zone.