문제

질문 30

A small company has several AWS accounts that are used by multiple teams. To centralize DNS record keeping, the company has created a private hosted zone in Amazon Route 53 on the main Account A. The new application and database servers are hosted on a VPC in Account B. The CNAME record set db.turotialsdojo.com has been created for the Amazon RDS endpoint on the private hosted zone in Amazon Route 53. Upon deployment, the application on the Amazon EC2 instances failed to start. The application logs indicate that the database endpoint db.turotialsdojo.com is not resolvable. However, the solutions architect can confirm that the Route 53 entry is configured correctly.

Which of the following options is the recommended solution for this issue? (Select TWO.)

1. On Account B, associate the VPC to the private hosted zone in Account A. Delete the association authorization after the association is created.

2. On Account A, create an authorization to associate its private hosted zone to the new VPC in Account B.

3. Create a VPC peering between the Account A VPC and Account B VPC. Configure the Amazon EC2 instances on Account B to use the DNS resolver IPs in Account A to resolve the Amazon RDS endpoint.

4. On Account B, create a new private hosted zone in Amazon Route 53. Associate this zone to the private hosted zone in Account A to allow replication between the AWS accounts.

5. Create custom AMI for the Amazon EC2 instances that have an updated /etc/resolv.conf file containing the Amazon RDS endpoint to private IP address mapping.

풀이 및 공부

route 53의 private hosted zone을 다른 계정와 공유하는 방법을 아는가? 라는 문제

A hosted zone is a container for records, and records contain information about how you want to route traffic for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com). A hosted zone and the corresponding domain have the same name. There are two types of hosted zones:

• Public hosted zones contain records that specify how you want to route traffic on the internet. For more information, see Working with public hosted zones.

• Private hosted zones contain records that specify how you want to route traffic in an Amazon VPC.

A hosted zone tells Route 53 how to response to DNS queries for a domain such as example.com

pythonholicdemo.com 라는 새로운 domain을 만들어보자. private hosted zone을 선택하면 VPC를 선택하라고 나온다.

즉 private hosted zone은 VPC를 위한 것

CNAME record를 하나 추가했다. 아래 사진의 www.amazon.com 을 db.turotialsdojo.com 으로 바꾸면 문제에서 얘기한 DNS record를 centralize하는 account A가 완성되었다.

방금 등록한 dev.pythonholic.demo가 잘 등록되었는지, vpc 안에있는 EC2를 통해 확인 가능하다.

다른 계정에서 이 도메인을 쓰려면?

위에서 설명한대로 private hosted zone은 vpc내에서만 유효한 도메인이다. 그럼 다른 vpc에서는 어떻게 사용할 수 있을까?

private로 hosted zone을 설정할때의 콘솔화면에서 그 방법에대해 간단히 설명하고 있다. cli를 쓰라는 것 같다.

Account A : create-vpc-association-authorization Account B : associate-vpc-with-hosted-zone

A계정은 연결 ‘권한’을 만들어주고 B계정은 연결을 한다. 라고 이해했다.

연결이 완료되면 콘솔에서 Associate VPCs에서 리스트 확인이 가능하다.

그리고 Account B에서도 Dig 커맨드를 써서도 확인이 가능할 것 같다.

참고

• https://repost.aws/ko/knowledge-center/route53-private-hosted-zone

• https://www.youtube.com/watch?v=qCxfukA50y4

• https://www.youtube.com/watch?v=2GvcB_1dI1o