AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 122
A company is running a hybrid cloud environment. The company has multiple AWS accounts as part of an organization in AWS Organizations. The company needs a solution to manage a list of IPv4 on-premises hosts that will be allowed to access resources in AWS. The solution must provide version control for the list of IPv4 addresses and must make the list available to the AWS accounts in the organization.
Which solution will meet these requirements?
Answer options
- A. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the managed prefix list to the resource share. Share the resource with the organization.
- B. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Use AWS Firewall Manager to share the managed prefix list with the organization.
- C. Create a security group. Add inbound rule entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the security group to the resource share. Share the resource with the organization.
- D. Create an Amazon DynamoDB table. Add entries for the initial list of on-premises IPv4 hosts. Create an AWS Lambda function that assumes a role in each AWS account in the organization to authorize inbound rules on security groups based on entries from the DynamoDB table.
Correct answer: A
Explanation
Option A is correct because a customer-managed prefix list provides version control for the list of IPv4 addresses, and sharing it through AWS Resource Access Manager makes it available to the AWS accounts in the organization. Option B does not meet the sharing requirement as effectively as AWS Resource Access Manager with a prefix list. Option C uses a security group, which is not suitable for version control of the IPv4 list. Option D introduces unnecessary complexity with Lambda and DynamoDB instead of using the existing prefix list management capabilities.