Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Shield advanced for Route53 delegated subdomains

0

A customer has (all using Route 53):

  • a parent AWS account where the domain myapplication.com is hosted
  • multiple child AWS accounts that operate hosted zones for subdomains, such as app1.myapplication.com, app2.myapplication.com, etc.
  • the parent account delegates to the child accounts using NS records

They were wondering: if they are using Shield advanced for Route 53, do they only need to sign up the myapplication.com hosted zone in the parent account or do they also need to go to all child accounts and sign up the subdomain hosted zones for Shield advanced as well?

I was thinking the latter one, as the DNS servers for the parent domain may be different to the ones for the subdomains, but wanted to confirm here.

Thanks a lot for your input!

Temas
Seguridad, identidad y cumplimientoRedes y entrega de contenido
Etiquetas
AWS ShieldAmazon Route 53
Idioma
English
AWS-User-2749457
preguntada hace 6 años451 visualizaciones
1 Respuesta
0
Respuesta aceptada

It is as you suspected. For Shield Advanced you specify the hosted zone that you wish to protect in the account that the zone is defined in, so unfortunately your customer will need to add in protection for each hosted zone across each of their sub-accounts. Shield Advanced is subscribed to and configured on a per account basis - of course, if these accounts are all in the same consolidated billing family then the customer is only charged once, but there is no automatic protection of sub-domains in sub-accounts across that billing family.

AWS
EXPERTO
Dr Andrew Kane
respondido hace 6 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante