Which step should the solutions architect take to resolve this issue?
Update the subnet route table with a route to the interface endpoint
Enable the private DNS option on the VPC attributes
Configure the security group on the interface endpoint to allow connectivity to the AWS services
Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application
Explanations:
Updating the subnet route table is not necessary for interface endpoints: they are elastic network interfaces with private IP addresses inside the VPC, so they are reachable without any route table changes (routes are only needed for gateway endpoints).
Enabling the private DNS option makes the default public DNS names of the AWS services resolve to the private IP addresses of the interface endpoint instead of public IPs, so the internal application connects to the endpoint over the VPC rather than over the internet.
While configuring the security group is important for allowing traffic to reach the endpoint, the primary issue here is that the service names resolve to public IPs, not the security group rules.
Configuring a Route 53 private hosted zone with a conditional forwarder for the internal application would not directly resolve the issue, because the problem is the public IP address resolution of the AWS service names accessed via the interface endpoints, not the resolution of the application's own name.