AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 336
A company with several VPCs in the us-east-1 Region wants to reduce the cost of its workloads. A network engineer has identified that all traffic bound to Amazon services is flowing through a NAT gateway. Additionally, all the VPCs are peered to a hub VPC for access to common services.
What should the network engineer do to reduce data transfer costs to Amazon Simple Queue Service (Amazon SQS)?
Answer options
- A. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- B. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- C. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- D. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
Correct answer: A
Explanation
To route traffic from the peered spoke VPCs to the SQS interface endpoint in the hub VPC, the default private DNS name on the VPC endpoint must be disabled: private DNS only resolves inside the endpoint's own VPC, and leaving it enabled would conflict with a custom hosted zone for the same domain. A Route 53 private hosted zone for the SQS regional domain (us-east-1.sqs.amazonaws.com) is then created and associated with all spoke VPCs. A CNAME record in that hosted zone pointing to the VPC endpoint's DNS name lets every peered VPC resolve the SQS service name to the endpoint and reach SQS privately over the peering connection, so the traffic no longer traverses the NAT gateway and incurs its data processing charges.