AWS Certified Solutions Architect – Professional (SAP-C02) — Question 13

A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B.
A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.
During deployment, the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.
Which combination of steps should the solutions architect take to resolve this issue? (Choose two.)

Answer options

• A. Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance’s private IP in the private hosted zone.
• B. Use SSH to connect to the application tier EC2 instance. Add an RDS endpoint IP address to the /etc/resolv.conf file.
• C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.
• D. Create a private hosted zone for the example com domain in Account B. Configure Route 53 replication between AWS accounts.
• E. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.

Correct answer: C, E

Explanation

The correct answer is C and E. C is necessary to allow the new VPC in Account B to access the private hosted zone in Account A, ensuring that DNS queries can be resolved correctly. E is also needed to create the association between the VPC and the hosted zone, while the other options do not address the issue of DNS resolution across accounts.