AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 338

A network engineer is deploying an application on an Amazon EC2 instance. The instance is reachable within the VPC through its private IP address and from the internet using an elastic IP address. Clients connect to the instance both over the internet and from within the VPC, and the application needs to be identified by a single custom Fully Qualified Domain Name that is publicly resolvable: 'app.example.com'.
Instances within the VPC should always connect to the private IP to minimize data transfer costs.
How should the engineer configure DNS to support these requirements?

Answer options

Correct answer: D

Explanation

AWS public DNS hostnames automatically resolve to the instance's private IP address when queried from within the same VPC, and to the public IP address when queried from the internet. By creating a CNAME record for 'app.example.com' that points to this public DNS name, internal clients will automatically resolve to the private IP and avoid data transfer costs, while external clients will resolve to the public IP. Other methods, such as creating multiple A records or using geolocation routing, do not dynamically adapt to the client's VPC location in this manner.
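As an added example (not part of the original question or explanation), the Route 53 change that implements the correct answer, plus a small check you can run from an instance in the VPC and from outside it to confirm that the same name yields the private address inside and the elastic IP outside. The hosted zone ID and the EC2 public DNS hostname are constructed placeholders.

```python
import ipaddress
import socket

# Constructed placeholders: take the real values from your own account.
HOSTED_ZONE_ID = "ZPLACEHOLDER123"
APP_FQDN = "app.example.com"
EC2_PUBLIC_DNS = "ec2-203-0-113-10.compute-1.amazonaws.com"

# VPC private IPs normally come from these RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def cname_change_batch(fqdn: str, target: str, ttl: int = 300) -> dict:
    """Build the ChangeBatch that boto3's route53.change_resource_record_sets()
    expects: one UPSERT of a CNAME from the custom name to the EC2 public DNS
    hostname. The AWS resolver then returns the private IP inside the VPC and
    the public IP from the internet, so only one record is needed."""
    return {
        "Comment": f"Point {fqdn} at the EC2 public DNS hostname",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn.rstrip(".") + ".",
                "Type": "CNAME",
                "TTL": ttl,
                "ResourceRecords": [{"Value": target}],
            },
        }],
    }


def resolution_path(resolved_ip: str) -> str:
    """Classify an answer for APP_FQDN: an RFC 1918 address means the query
    went through the VPC resolver and traffic will stay on the private path."""
    addr = ipaddress.ip_address(resolved_ip)
    if any(addr in net for net in RFC1918):
        return "private (in-VPC)"
    return "public (internet)"


def check_from_here(fqdn: str = APP_FQDN) -> list:
    """Resolve fqdn with the local resolver and classify every A answer.
    Run this once from inside the VPC and once from the internet."""
    ips = {info[4][0] for info in socket.getaddrinfo(fqdn, None, socket.AF_INET)}
    return [(ip, resolution_path(ip)) for ip in sorted(ips)]


if __name__ == "__main__":
    batch = cname_change_batch(APP_FQDN, EC2_PUBLIC_DNS)
    # Apply with: boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId=HOSTED_ZONE_ID, ChangeBatch=batch)
    print(batch)
```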