Which combination of steps should the solutions architect take to resolve this issue?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is using multiple AWS accounts.The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A.The company’s applications and databases are running in Account B.A solutions architect will deploy a two-tier application in a new VPC.To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.During deployment, the application failed to start.Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance.The solutions architect confirmed that the record set was created correctly in Route 53.

Which combination of steps should the solutions architect take to resolve this issue?

(Choose two.)

Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance’s private IP in the private hosted zone.

Use SSH to connect to the application tier EC2 instance. Add an RDS endpoint IP address to the /etc/resolv.conf file.

Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.

Create a private hosted zone for the example com domain in Account B. Configure Route 53 replication between AWS accounts.

Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.

Explanations:

This option suggests deploying the database on a separate EC2 instance and creating a record set for its private IP, which doesn’t address the issue of DNS resolution from the EC2 instance in Account B. The original goal is to resolve db.example.com, which is already set up in the private hosted zone in Account A.

Manually adding an RDS endpoint IP address to the /etc/resolv.conf file does not resolve the underlying issue of DNS resolution and is not a sustainable or recommended solution. Changes to /etc/resolv.conf may not persist and do not solve the problem of inter-account DNS resolution.

Creating an authorization to associate the private hosted zone in Account A with the new VPC in Account B allows resources in Account B to resolve DNS records in the private hosted zone of Account A. This step is essential for enabling cross-account DNS resolution.

Creating a private hosted zone in Account B and configuring Route 53 replication is unnecessary and does not resolve the existing DNS resolution issue. The focus should be on enabling access to the already established private hosted zone in Account A.

Associating the new VPC in Account B with the hosted zone in Account A allows the EC2 instances in Account B to resolve DNS records defined in the private hosted zone in Account A. This step directly addresses the problem of DNS resolution.

2025-10-06

1 Comment

  1. Debra
    Author

    As I see it, the answer is:
    Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.

Leave a Reply

Your email address will not be published. Required fields are marked *

14 − 12 =