Which step should the solutions architect take to resolve this issue?
Update the subnet route table with a route to the interface endpoint.
Enable the private DNS option on the VPC attributes.
Configure the security group on the interface endpoint to allow connectivity to the AWS services.
Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application.
Explanations:
Updating the subnet route table with a route to the interface endpoint is not necessary because interface endpoints are designed to automatically route traffic within the VPC without requiring manual route table updates.
Enabling the private DNS option on the VPC attributes allows the internal application to resolve the interface endpoint to its private IP address instead of the public IP address, facilitating the required internal connectivity.
Configuring the security group on the interface endpoint is not relevant to the issue of name resolution. Security groups control inbound and outbound traffic but do not affect how DNS names resolve to IP addresses.
While configuring an Amazon Route 53 private hosted zone can help with DNS resolution, it is not necessary if the private DNS option is enabled on the VPC attributes, which directly resolves the issue at hand.